Laptop running Extremely slow- Infected

dashelter · Sep 19, 2021

Here are the 2 logs requested:

FRST scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Sinikka (administrator) on HOME (Hewlett-Packard HP Pavilion Sleekbook 15) (18-09-2021 21:26:27)
Running from C:\Users\Sinikka\Downloads
Loaded Profiles: Sinikka
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Impulse Point LLC -> Impulse Point,LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(Impulse Point LLC -> Impulse Point,LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Sinikka\AppData\Local\Microsoft\Teams\Update.exe [2342544 2020-04-03] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON Universal Print Driver 64MonitorBE: C:\WINDOWS\system32\E_2LM0DE.DLL [183296 2017-12-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBKEE.DLL [179712 2013-10-22] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2021-06-21]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\scClient.exe (Impulse Point LLC -> Impulse Point,LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0279A04E-88AE-497F-AB54-9D95FC62A3C2} - System32\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {17B0C444-6312-4EDE-A8B1-54AB05161084} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [435712 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {205091E5-1902-4A4E-9C65-AE283F190863} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32776 2020-08-21] (HP Inc. -> )
Task: {20AD2E19-A84D-4B92-8D45-C73B522CAE3D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {25F9AF29-2EE5-459F-BADA-6FD5E4806197} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {2780204E-0247-400A-B909-8D0ABC6B8256} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {28E8D465-5311-42E9-AD7E-9A89E19B7554} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-07] (Google Inc -> Google Inc.)
Task: {2A46E3CF-A40A-4019-8904-815BF29C69E0} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3938708E-8AA6-493D-AB71-1F95C967DBEF} - System32\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {39F5B586-941B-4E0F-8110-C92FD48A2DB6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {3EF3D183-7DF1-4C8D-B75A-EA2430E08A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {43245810-DBAA-4FB6-A905-EDA7AED51F77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {536BF69D-E9AF-4913-A4F0-F4BA867CACC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5569B940-9B6B-4D9A-8649-C83F1F6BEB49} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {5936E948-D96D-4633-B9F7-6B5E52CEBD8A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [435712 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {61535E3E-7A96-4CF1-9FAC-0BCF5168EE01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6B9ABB2F-16CE-4BB2-A973-85444878ADEC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {778B8783-8AE2-4B7B-A3CE-F1031C8052F6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {7B200950-84EC-4B37-B19B-24265AFD6FC5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {875DC823-264F-4BC8-8AC1-B181FFA73B36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {88916005-51CA-4CDF-8749-7F802EFCF0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [592288 2012-09-05] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {88ACECE3-4225-4772-8C15-652C02A2E6F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8EF1CDE2-35EB-4E3B-8B4D-1FB5207E6D49} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {92CD0A89-7ED8-4987-B516-C5EF9049593B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C694999-C852-43DA-8BBC-2AB8502F41D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A06B3FF7-86D8-40EA-96B0-6DB543A6A695} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {AC7E4E71-DA3D-4448-B7EA-5E4FECFAE8B9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-10-12] (CyberLink -> CyberLink)
Task: {B29C58E9-4CA2-456C-84E1-6E9C7A67F13D} - System32\Tasks\CCleanerSkipUAC - Sinikka => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B8DCAFAC-73EB-4A16-BEB3-6147DE98C0F1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD0B898F-7D4C-4EF2-B503-6AD6C1981603} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {C2B8561D-00EC-4EEB-AEA3-2FE9AD5E583E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C79DDBFB-3747-452C-95FC-549BC1F4A1E2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4388440 2017-12-11] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C8D8E182-D919-4069-945C-BA2030F0DB2C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D04F0F9E-7A05-436A-BBC1-65FCE38CAE34} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E1E22498-8799-4E7C-B031-EC190B6519CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-07] (Google Inc -> Google Inc.)
Task: {EC5BCCE5-B3B8-4658-AB5F-9B87DA2346DB} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {FFC9E96B-4B22-4402-9505-C39752BEFA12} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{730E568F-07C2-4CCF-A22F-5BCEE96E5785} /F:UpdateWORKGROUP\HOME$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 app.drivereasy.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eeda8407-9547-44b5-bd11-55c4f8747b94}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fef856c4-b340-4516-88fc-6a8952bf1a25}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Sinikka\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-18]
Edge Notifications: Default -> hxxps://teams.microsoft.com

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default [2021-09-18]
CHR Extension: (Slides) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-07]
CHR Extension: (Sheets) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-02]
CHR Extension: (Ibotta: Cash back made easy) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaedmjlefifhnhpgipjjiiekchaimpk [2021-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
CHR Extension: (Gmail) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Profile: C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-09-17] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [2764448 2018-09-24] (Impulse Point LLC -> Impulse Point,LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2017-10-11] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-10-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-18 21:26 - 2021-09-18 21:29 - 000024788 _____ C:\Users\Sinikka\Downloads\FRST.txt
2021-09-18 21:24 - 2021-09-18 21:28 - 000000000 ____D C:\FRST
2021-09-18 21:23 - 2021-09-18 21:24 - 002304000 _____ (Farbar) C:\Users\Sinikka\Downloads\FRST64.exe
2021-09-18 19:01 - 2021-09-18 19:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-09-18 19:01 - 2021-09-18 19:01 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-18 19:00 - 2021-09-18 19:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-09-18 19:00 - 2021-09-18 19:00 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-18 19:00 - 2021-09-18 19:00 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-18 19:00 - 2021-09-18 19:00 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-18 19:00 - 2021-09-18 19:00 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-18 19:00 - 2021-09-18 19:00 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-18 18:59 - 2021-09-18 18:59 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-18 18:59 - 2021-09-18 18:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-18 18:59 - 2021-09-18 18:59 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-18 18:59 - 2021-09-18 18:59 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-18 18:59 - 2021-09-18 18:59 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-18 18:58 - 2021-09-18 18:58 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-18 18:58 - 2021-09-18 18:58 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-18 18:58 - 2021-09-18 18:58 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-18 18:57 - 2021-09-18 18:57 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-18 18:57 - 2021-09-18 18:57 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-18 18:57 - 2021-09-18 18:57 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-18 18:56 - 2021-09-18 18:56 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-18 18:56 - 2021-09-18 18:56 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-09-18 18:56 - 2021-09-18 18:56 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-18 18:56 - 2021-09-18 18:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-18 18:07 - 2021-09-18 18:07 - 000000000 ___HD C:\$WinREAgent
2021-09-18 08:46 - 2021-09-18 08:46 - 000000000 ____D C:\Users\Sinikka\AppData\Local\ElevatedDiagnostics
2021-09-17 10:27 - 2021-09-17 07:14 - 000000000 ____D C:\Windows.old
2021-09-17 10:18 - 2021-09-17 10:27 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-09-17 10:15 - 2021-09-17 10:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-09-17 10:15 - 2021-09-17 10:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-09-17 10:05 - 2021-09-17 10:05 - 000000000 ____D C:\ProgramData\ssh
2021-09-17 09:53 - 2021-09-17 09:53 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-09-17 09:53 - 2021-09-17 09:53 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-09-17 09:51 - 2021-09-17 09:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-09-17 09:51 - 2021-09-17 09:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-09-17 09:51 - 2021-09-17 09:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-09-17 09:51 - 2021-09-17 09:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-09-17 09:50 - 2021-09-17 09:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-09-17 09:50 - 2021-09-17 09:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-09-17 09:50 - 2021-09-17 09:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-09-17 09:50 - 2021-09-17 09:50 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-09-17 09:49 - 2021-09-17 09:49 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-09-17 09:49 - 2021-09-17 09:49 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-09-17 09:48 - 2021-09-17 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-09-17 09:48 - 2021-09-17 09:48 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-09-17 09:48 - 2021-09-17 09:48 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-09-17 09:47 - 2021-09-17 09:47 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-09-17 09:47 - 2021-09-17 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-09-17 09:46 - 2021-09-17 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-09-17 09:46 - 2021-09-17 09:46 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-09-17 09:46 - 2021-09-17 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-09-17 09:45 - 2021-09-17 09:45 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-09-17 09:45 - 2021-09-17 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-09-17 09:45 - 2021-09-17 09:45 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-09-17 09:45 - 2021-09-17 09:45 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-09-17 09:45 - 2021-09-17 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-09-17 09:44 - 2021-09-17 09:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-09-17 09:43 - 2021-09-17 09:43 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-09-17 09:42 - 2021-09-17 09:42 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-09-17 09:42 - 2021-09-17 09:42 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-09-17 09:42 - 2021-09-17 09:42 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-09-17 09:19 - 2021-09-17 09:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-09-17 09:19 - 2021-09-17 09:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files\MSBuild
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\inetpub
2021-09-17 07:37 - 2021-09-17 07:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-09-17 07:25 - 2021-09-17 07:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-09-17 07:17 - 2021-09-17 07:17 - 000000020 ___SH C:\Users\Sinikka\ntuser.ini
2021-09-17 07:10 - 2021-09-18 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-17 07:10 - 2021-09-17 07:13 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-17 07:10 - 2021-09-17 07:13 - 000003070 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F5DDAC53-FF7B-46F0-B525-1D60B5C3EAEE}
2021-09-17 07:10 - 2021-09-17 07:13 - 000002812 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:12 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-17 07:10 - 2021-09-17 07:12 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:12 - 000002258 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Sinikka
2021-09-17 07:10 - 2021-09-17 07:12 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-09-17 07:10 - 2021-09-17 07:11 - 000003482 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785}
2021-09-17 07:10 - 2021-09-17 07:11 - 000003304 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785}
2021-09-17 07:10 - 2021-09-17 07:11 - 000002850 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-09-17 07:10 - 2021-09-17 07:11 - 000002340 _____ C:\WINDOWS\system32\Tasks\MirageAgent
2021-09-17 07:10 - 2021-09-17 07:11 - 000002040 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2021-09-17 07:10 - 2021-09-17 07:10 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-17 07:10 - 2021-09-17 07:10 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-17 07:10 - 2021-09-17 07:10 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-17 07:10 - 2021-09-17 07:10 - 000003092 _____ C:\WINDOWS\system32\Tasks\HPGenoobeReminder
2021-09-17 07:10 - 2021-09-17 07:10 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\R@1n-KMS
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-09-17 07:07 - 2021-09-17 07:10 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-09-17 07:07 - 2021-09-17 07:10 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-09-17 06:51 - 2021-09-18 20:58 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-17 06:36 - 2021-09-17 07:17 - 000000000 ____D C:\Users\Sinikka
2021-09-17 06:36 - 2019-12-07 05:10 - 000001105 _____ C:\Users\Sinikka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-17 06:28 - 2021-09-18 20:51 - 000443496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-17 06:28 - 2021-09-18 20:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-05 16:22 - 2021-09-05 16:22 - 001867201 _____ C:\Users\Sinikka\Documents\August 21.pdf
2021-09-03 05:15 - 2021-09-03 05:15 - 003572090 _____ C:\Users\Sinikka\Documents\vero2020.pdf
2021-08-25 15:54 - 2021-08-25 15:54 - 004269480 _____ C:\Users\Sinikka\Documents\peggy hightower.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-18 21:23 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-18 21:20 - 2017-12-28 07:00 - 000000000 ____D C:\Users\Sinikka\Desktop\Maintenance
2021-09-18 21:06 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-18 20:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-18 20:57 - 2017-08-07 20:59 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-18 20:55 - 2017-10-11 10:53 - 000000000 ____D C:\Program Files\CCleaner
2021-09-18 20:50 - 2020-07-30 06:44 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-18 20:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-18 20:49 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-09-18 20:49 - 2017-08-03 17:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-18 20:46 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-18 19:48 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-18 19:14 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-18 18:05 - 2021-01-27 20:37 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-18 17:57 - 2017-08-01 01:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-18 17:56 - 2017-08-01 01:13 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-18 17:40 - 2020-04-10 11:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 17:40 - 2020-04-10 11:33 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-18 09:11 - 2021-08-10 05:39 - 000000000 ___DC C:\WINDOWS\Panther
2021-09-18 09:03 - 2017-08-07 21:29 - 000000000 ____D C:\Users\Sinikka\AppData\Local\ClassicShell
2021-09-18 09:01 - 2019-02-02 19:03 - 000000000 ____D C:\Users\Sinikka\AppData\Local\PlaceholderTileLogoFolder
2021-09-18 08:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-18 04:46 - 2021-05-04 19:48 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-17 10:27 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\InputMethod
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-09-17 10:27 - 2019-06-22 11:59 - 000000000 ____D C:\Program Files\UNP
2021-09-17 10:27 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-09-17 10:27 - 2018-02-03 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2021-09-17 10:27 - 2017-10-13 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2021-09-17 10:27 - 2017-10-11 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-17 10:27 - 2017-10-10 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2021-09-17 10:27 - 2017-08-23 06:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2017
2021-09-17 10:27 - 2017-08-09 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-09-17 10:27 - 2017-08-08 22:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-09-17 10:27 - 2017-08-08 22:47 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-09-17 10:27 - 2017-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-17 10:27 - 2017-08-03 17:06 - 000000000 ____D C:\Program Files\AMD
2021-09-17 10:27 - 2017-08-01 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-09-17 10:27 - 2017-07-31 21:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2021-09-17 10:27 - 2017-07-31 21:19 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-09-17 10:27 - 2017-07-31 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2021-09-17 10:27 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2021-09-17 10:27 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2021-09-17 10:26 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-09-17 10:26 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-09-17 10:26 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-09-17 10:18 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2021-09-17 10:18 - 2017-10-13 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2021-09-17 10:18 - 2017-08-03 17:07 - 000000000 ____D C:\Program Files\Synaptics
2021-09-17 10:18 - 2017-08-03 17:06 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-09-17 10:18 - 2017-07-31 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-09-17 10:05 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-09-17 10:05 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-09-17 10:05 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-09-17 10:02 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-09-17 10:02 - 2019-12-07 05:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-09-17 08:59 - 2017-08-07 21:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-17 08:59 - 2017-08-07 21:00 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-17 08:57 - 2017-12-11 08:32 - 000000000 ____D C:\Users\Sinikka\AppData\Local\Packages
2021-09-17 07:37 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-09-17 07:18 - 2017-12-11 08:54 - 000000000 ___RD C:\Users\Sinikka\3D Objects
2021-09-17 07:18 - 2017-07-31 21:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-09-17 07:12 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-17 07:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-09-17 06:50 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2021-09-17 06:42 - 2017-08-07 21:42 - 000000000 ____D C:\Users\Sinikka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-17 06:34 - 2017-08-03 17:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-09-17 06:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-09-17 03:58 - 2017-08-01 20:38 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-17 03:48 - 2018-02-19 01:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-05 16:54 - 2020-04-20 10:20 - 000000000 ____D C:\Users\Sinikka\Desktop\Valencia milage
2021-09-01 18:30 - 2017-08-01 02:13 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Sankka (18-09-2021 21:45:00)
Running from C:\Users\Sankka\Downloads
Windows 10 Home Version 21H1 19043.1237 (X64) (2021-09-17 11:14:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2038757326-2490540420-1122988387-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2038757326-2490540420-1122988387-503 - Limited - Disabled)
Guest (S-1-5-21-2038757326-2490540420-1122988387-501 - Limited - Disabled)
Sinikka (S-1-5-21-2038757326-2490540420-1122988387-1002 - Administrator - Enabled) => C:\Users\Sinikka
WDAGUtilityAccount (S-1-5-21-2038757326-2490540420-1122988387-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version: - SEIKO EPSON Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Mega Codec Pack 13.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.4.0 - KLCP)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Teams) (Version: 1.3.00.4461 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.20.6 - Quicken)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SafeConnect PolicyKey (HKLM-x32\...\SafeConnect) (Version: - Impulse Point, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WinRAR 5.50 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.6 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.8.33.0_x86__kgqvnymyfvs32 [2021-09-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.202.400.0_x86__kgqvnymyfvs32 [2021-09-18] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-09-17] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.8.7.0_x86__h6adky7gbf63m [2021-09-18] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.1101.0_x64__8wekyb3d8bbwe [2021-09-18] (Microsoft Studios)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-08-02] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-08-02] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-08-02] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-17] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Sinikka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Sinikka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-10-18 10:28 - 2012-10-18 10:28 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-07-31 21:05 - 2012-02-07 18:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2021-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\sharepoint.com -> hxxps://mailvalenciacc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-10-11 13:55 - 000000862 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 app.drivereasy.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "QuickenScheduledUpdates"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F3FDE4B0-977F-43C0-823F-4B7C5384F0AA}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [TCP Query User{45FB7B25-F945-4F9A-B440-821FFF381E00}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{3491117B-1770-4F55-8E3E-A62F22ECE43E}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{710543CE-4793-41AE-B310-265B06A41659}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{CECE17D4-0780-43A8-9EA1-95AB71BAADA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A4946EC-580A-4249-A9E2-654FEB74C0D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{23450FC5-F563-4097-BC69-6E96B1E903F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3411DCB-43A0-4F77-93DB-8F9792633879}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{00AD20A8-0A06-4B4C-B30A-60E0D1A481AB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{A31299BC-30F4-4925-BE3C-6F3DB3FD2CF5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{12A88403-9B2C-4585-B749-C33E8830CD28}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{E9805EC8-068D-4496-94D5-57C797BEAA99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{BB754820-545C-48D4-86D3-B081D1528497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{F0F3EF6C-40FA-4B74-8BA2-A9AC85BC18F6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{159ED1AC-E63F-443C-925D-FAB290EC0826}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F95AF484-F7FE-4BA8-85A4-F9FA9BA05EDF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B86FA8E3-7683-47F2-80FD-D6EFCBB98B23}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BB68EFD-BF0E-4F82-BEA9-47EF170F95B9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23D0768E-68C7-48D8-934D-CA548E729B0E}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
FirewallRules: [{2AEE02AA-3BA4-439A-B9CB-9A1720C2DAB8}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
FirewallRules: [{1A226B5E-3505-4128-8301-23F1C39323AD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1FC7779A-94EE-4862-BBB9-41DCBEB60C94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{92F624A0-E3C4-47BA-AFBC-222FD8FE1D89}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{F02DA83D-3919-4578-91AA-A0A87E49B56B}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{C4B61AA0-4C7E-43F0-9A8E-57BD7C76E936}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{F136A758-DA06-445C-888F-7BFA382CECB6}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DB621404-C4E5-4BAE-BA6A-4BD2B60B9323}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{CDEEA2E8-A5BE-441B-91FD-190F85AA0302}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7818D18F-1993-4478-959B-1BA7FF8A8B56}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2EAD\HP.EasyStart.exe => No File
FirewallRules: [{83B9C27D-517F-425B-8CE3-52100E4BF0A1}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS3327\HP.EasyStart.exe => No File
FirewallRules: [{325B0FCE-4603-457E-9D6C-408CE6F4EEA4}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD111D1E-94BB-4DBA-AA0D-2CDD55D04830}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4DD13BD8-B7AF-4AD9-A987-7039F1666E08}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C3A6417-E6ED-4F0A-BE31-B9A36453FF8C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{039B63EA-151A-4F71-B716-B56DA03BD9B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AA5B7434-D3EC-4164-89B6-A878076C3C2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAEEB751-810A-4CD4-8E66-89ED63D02DE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A86173C-86CD-411B-9F15-EC3F7E32153C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{42C0DE6C-F800-46B8-BE8F-F4ED13BCB36E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

17-09-2021 07:20:50 Windows Update
18-09-2021 09:05:34 Removed Classic Shell
18-09-2021 18:19:07 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/18/2021 08:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.85.0.9170, time stamp: 0x613b5e0a
Faulting module name: CCleaner64.exe, version: 5.85.0.9170, time stamp: 0x613b5e0a
Exception code: 0xc0000409
Fault offset: 0x0000000000c4c455
Faulting process id: 0x1aa4
Faulting application start time: 0x01d7acf10721ac7d
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report Id: 78031be7-bed4-4777-a1f2-82802c68400b
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2021 08:53:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (09/18/2021 08:43:22 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (09/18/2021 06:19:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/18/2021 06:01:18 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (09/18/2021 05:57:42 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (09/18/2021 09:06:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/18/2021 09:00:41 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

System errors:
=============
Error: (09/18/2021 08:51:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPPrintScanDoctorService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/18/2021 08:51:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the HPPrintScanDoctorService service to connect.

Error: (09/18/2021 08:50:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2021 08:08:29 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (09/18/2021 07:27:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJBH4-Microsoft.Windows.Photos.

Error: (09/18/2021 07:20:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (09/18/2021 07:16:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf3: 9WZDNCRFJ140-9E2F88E3.TWITTER.

Error: (09/18/2021 06:00:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
================
Date: 2021-09-18 21:43:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PiriformBundler&threatid=277517&enterprise=1
Name: PUA:Win32/PiriformBundler
Severity: Severe
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.349.1002.0, AS: 1.349.1002.0, NIS: 1.349.1002.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-09-18 21:43:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PiriformBundler&threatid=277517&enterprise=1
Name: PUA:Win32/PiriformBundler
Severity: Severe
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Sinikka\Downloads\FRST64.exe
Security intelligence Version: AV: 1.349.1002.0, AS: 1.349.1002.0, NIS: 1.349.1002.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

==================== Memory info ===========================

BIOS: Insyde F.1C 09/09/2013
Motherboard: Hewlett-Packard 193B
Processor: AMD A6-4455M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 85%
Total physical RAM: 3554.26 MB
Available physical RAM: 505.05 MB
Total Virtual: 5474.26 MB
Available Virtual: 862.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:434.31 GB) (Free:299.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:29 GB) (Free:3.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:0.91 GB) (Free:0.27 GB) NTFS

\\?\Volume{8bbd2a27-1bc7-489d-bf1b-a3c6af4c2eae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{ae7c97a0-8309-4658-9308-4d5f633188df}\ () (Fixed) (Total:0.77 GB) (Free:0.75 GB) NTFS
\\?\Volume{ff905bca-7094-4f23-b857-ec711ed7b8f7}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16A83E64)

Partition: GPT.

==================== End of Addition.txt =======================

Please help with laptop running slow.

Thanks and advise.

broni · Sep 19, 2021

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Your laptop has only 4GB of RAM so it may be your main issue but we'll run more checks.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs

Double click on downloaded setup.exe file to install the program.

Click on Start Scan button.

Click on another Start Scan button.

Wait until the Status box shows Scan Finished

Click on Remove Selected.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.

Then click Finish.

Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.

If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.

When the scan is complete, make sure that all Threats are selected, and click Remove Selected.

Restart your computer when prompted to do so.

The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator

The tool will start to update the database if one is required.

Click on the Scan button.

AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Logfile button.

A window will open which lists the logs of your scans.

Click on the Scan tab.

Double-click the most recent scan which will be at the top of the list....the log will appear.

Review the results...see note below

After reviewing the log, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).

To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.

Copy and paste the contents of AdwCleaner[CX].txt in your next reply.

A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

dashelter · Sep 19, 2021

Here are the reports

Program : RogueKiller Anti-Malware
Version : 15.1.0.0
x64 : Yes
Program Date : Sep 2 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Sinkka
User is Admin : Yes
Date : 2021/09/19 22:07:56
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 3823
Found items : 4
Total scanned : 65585
Signatures Version : 20210913_130501
Truesight Driver : Yes
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{23D0768E-68C7-48D8-934D-CA548E729B0E} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{23D0768E-68C7-48D8-934D-CA548E729B0E}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2AEE02AA-3BA4-439A-B9CB-9A1720C2DAB8} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2AEE02AA-3BA4-439A-B9CB-9A1720C2DAB8}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{92F624A0-E3C4-47BA-AFBC-222FD8FE1D89} -- [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{92F624A0-E3C4-47BA-AFBC-222FD8FE1D89}
[+] value : [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F02DA83D-3919-4578-91AA-A0A87E49B56B} -- [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F02DA83D-3919-4578-91AA-A0A87E49B56B}
[+] value : [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 3
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/19/21
Scan Time: 6:17 PM
Log File: 71ae0ae6-1997-11ec-9087-d4c9ef65d16f.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45132
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: Home\Sinikka

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 320354
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 17 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office16ProPlus, Quarantined, 930, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20AD2E19-A84D-4B92-8D45-C73B522CAE3D}, Quarantined, 930, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{20AD2E19-A84D-4B92-8D45-C73B522CAE3D}, Quarantined, 930, 820459, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, Quarantined, 930, 820459, 1.0.45132, , ame, , ,

File: 1
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office16ProPlus, Quarantined, 930, 820459, , , , , 356A8921D9DA0FCD4A52A78887F7DBA0, 914E873F49E2B671CE9DC35B06B31E46C0CC6868C6B03BA6E492C37023E93FDF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-19-2021
# Duration: 00:00:33
# OS: Windows 10 Home
# Scanned: 31997
# Detected: 26

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCoolSense Folder C:\Users\Sinikka\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC7E4E71-DA3D-4448-B7EA-5E4FECFAE8B9}
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Task C:\Windows\System32\Tasks\MIRAGEAGENT
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5569B940-9B6B-4D9A-8649-C83F1F6BEB49}
Preinstalled.HPRegistrationService Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPGenoobeReminder
Preinstalled.HPRegistrationService Task C:\Windows\System32\Tasks\HPGENOOBEREMINDER
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Sinikka\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Sinikka\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|RemoteControl10
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

These are the 3 logs requested.
If I add more memory to it to get it to 8GB or 12/16, I am assuming that it will also run faster, in addition to the cleaning that we are doing.

Awaiting next steps.
Many thanks!

broni · Sep 22, 2021

I'm on vacation now, so it'll be some delay with my replies.

broni · Sep 30, 2021

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.

Press Scan button.

Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

dashelter · Oct 1, 2021

Here are the scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by Sinikka (administrator) on HOME (Hewlett-Packard HP Pavilion Sleekbook 15) (01-10-2021 05:27:09)
Running from C:\Users\Sinikka\Downloads
Loaded Profiles: Sinikka
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Impulse Point LLC -> Impulse Point,LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(Impulse Point LLC -> Impulse Point,LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Quicken Inc. -> Quicken Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Quicken Inc. -> Quicken Inc.) C:\Program Files (x86)\Quicken\qwSubprocess.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Sinikka\AppData\Local\Microsoft\Teams\Update.exe [2342544 2020-04-03] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON Universal Print Driver 64MonitorBE: C:\WINDOWS\system32\E_2LM0DE.DLL [183296 2017-12-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBKEE.DLL [179712 2013-10-22] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.61\Installer\chrmstp.exe [2021-09-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2021-06-21]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\scClient.exe (Impulse Point LLC -> Impulse Point,LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0279A04E-88AE-497F-AB54-9D95FC62A3C2} - System32\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {17B0C444-6312-4EDE-A8B1-54AB05161084} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [435712 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {205091E5-1902-4A4E-9C65-AE283F190863} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32776 2020-08-21] (HP Inc. -> )
Task: {25F9AF29-2EE5-459F-BADA-6FD5E4806197} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {2780204E-0247-400A-B909-8D0ABC6B8256} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {28E8D465-5311-42E9-AD7E-9A89E19B7554} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-07] (Google Inc -> Google Inc.)
Task: {2A46E3CF-A40A-4019-8904-815BF29C69E0} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3938708E-8AA6-493D-AB71-1F95C967DBEF} - System32\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {39F5B586-941B-4E0F-8110-C92FD48A2DB6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {3EF3D183-7DF1-4C8D-B75A-EA2430E08A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {43245810-DBAA-4FB6-A905-EDA7AED51F77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {5569B940-9B6B-4D9A-8649-C83F1F6BEB49} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {5936E948-D96D-4633-B9F7-6B5E52CEBD8A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [435712 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {61535E3E-7A96-4CF1-9FAC-0BCF5168EE01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6B9ABB2F-16CE-4BB2-A973-85444878ADEC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {778B8783-8AE2-4B7B-A3CE-F1031C8052F6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {7B200950-84EC-4B37-B19B-24265AFD6FC5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {875DC823-264F-4BC8-8AC1-B181FFA73B36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {88916005-51CA-4CDF-8749-7F802EFCF0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [592288 2012-09-05] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8EF1CDE2-35EB-4E3B-8B4D-1FB5207E6D49} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {92CD0A89-7ED8-4987-B516-C5EF9049593B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C694999-C852-43DA-8BBC-2AB8502F41D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A06B3FF7-86D8-40EA-96B0-6DB543A6A695} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {AB8E246C-B1AC-4403-A821-57DBFF8D5879} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-09-17] () [File not signed]
Task: {AC7E4E71-DA3D-4448-B7EA-5E4FECFAE8B9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-10-12] (CyberLink -> CyberLink)
Task: {B29C58E9-4CA2-456C-84E1-6E9C7A67F13D} - System32\Tasks\CCleanerSkipUAC - Sinikka => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B8DCAFAC-73EB-4A16-BEB3-6147DE98C0F1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD0B898F-7D4C-4EF2-B503-6AD6C1981603} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {C79DDBFB-3747-452C-95FC-549BC1F4A1E2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4388440 2017-12-11] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C8D8E182-D919-4069-945C-BA2030F0DB2C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D04F0F9E-7A05-436A-BBC1-65FCE38CAE34} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E1E22498-8799-4E7C-B031-EC190B6519CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-07] (Google Inc -> Google Inc.)
Task: {EC5BCCE5-B3B8-4658-AB5F-9B87DA2346DB} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {FFC9E96B-4B22-4402-9505-C39752BEFA12} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\A49861B6-2DB7-4134-B219-4CC9DEC6D1FC\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [458752 2021-09-18] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{730E568F-07C2-4CCF-A22F-5BCEE96E5785} /F:UpdateWORKGROUP\HOME$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 app.drivereasy.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eeda8407-9547-44b5-bd11-55c4f8747b94}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fef856c4-b340-4516-88fc-6a8952bf1a25}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Sinikka\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-01]
Edge Notifications: Default -> hxxps://teams.microsoft.com

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-09-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-09-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default [2021-10-01]
CHR Extension: (Slides) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-07]
CHR Extension: (Sheets) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-29]
CHR Extension: (Ibotta: Cash back made easy) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaedmjlefifhnhpgipjjiiekchaimpk [2021-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
CHR Extension: (Gmail) - C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Profile: C:\Users\Sinikka\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-09-17] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-09-30] (Malwarebytes Inc -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14021976 2021-09-02] (ADLICE (ASCOET JULIEN) -> )
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [2764448 2018-09-24] (Impulse Point LLC -> Impulse Point,LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2017-10-11] (Hewlett-Packard Company -> Hewlett-Packard Company)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-30] (Malwarebytes Inc -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-10-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-01 05:25 - 2021-10-01 05:26 - 002304512 _____ (Farbar) C:\Users\Sinikka\Downloads\FRST64 (2).exe
2021-09-30 04:34 - 2021-09-30 04:34 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-26 17:28 - 2021-09-26 17:28 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-09-26 17:06 - 2021-10-01 02:40 - 000000000 ____D C:\Users\Sinikka\AppData\LocalLow\IGDump
2021-09-26 13:06 - 2021-09-26 13:06 - 000074001 _____ C:\Users\Sinikka\Downloads\Valtakirja, Kuolinpesä POP Lea Aalto.pdf
2021-09-26 11:54 - 2021-10-01 05:23 - 000000000 ____D C:\Users\Sinikka\AppData\Local\CrashDumps
2021-09-23 03:46 - 2021-09-23 03:46 - 000001955 _____ C:\Users\Sinikka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Work or school account.lnk
2021-09-19 19:08 - 2021-09-19 19:08 - 000003300 _____ C:\WINDOWS\system32\Tasks\klcp_update
2021-09-19 19:08 - 2019-12-28 05:00 - 000784384 _____ C:\WINDOWS\system32\xvidcore.dll
2021-09-19 19:08 - 2019-12-28 05:00 - 000310784 _____ C:\WINDOWS\system32\xvidvfw.dll
2021-09-19 19:00 - 2021-09-19 19:00 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2021-09-19 19:00 - 2021-09-19 19:00 - 000000000 ____D C:\ProgramData\UCheck
2021-09-19 19:00 - 2021-09-19 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2021-09-19 19:00 - 2021-09-19 19:00 - 000000000 ____D C:\Program Files\UCheck
2021-09-19 18:58 - 2021-09-19 18:59 - 027864488 _____ (Adlice Software ) C:\Users\Sinikka\Downloads\UCheck_setup.exe
2021-09-19 18:40 - 2021-09-19 18:41 - 000000000 ____D C:\AdwCleaner
2021-09-19 18:38 - 2021-09-19 18:39 - 008553680 _____ (Malwarebytes) C:\Users\Sinikka\Downloads\AdwCleaner.exe
2021-09-19 18:36 - 2021-09-19 18:36 - 000001917 _____ C:\Users\Sinikka\Desktop\malwarebytes rpt.txt
2021-09-19 18:15 - 2021-09-19 18:15 - 000000000 ____D C:\Users\Sinikka\AppData\Local\mbam
2021-09-19 18:14 - 2021-09-19 18:14 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-19 18:14 - 2021-09-19 18:14 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-19 18:13 - 2021-09-19 18:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-19 18:13 - 2021-09-19 18:12 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-19 18:13 - 2021-09-19 18:12 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-19 18:12 - 2021-09-19 18:12 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-19 18:11 - 2021-09-19 18:11 - 002101944 _____ (Malwarebytes) C:\Users\Sinikka\Downloads\MBSetup-10789.10789-consumer.exe
2021-09-19 16:22 - 2021-09-19 17:30 - 000000000 ____D C:\ProgramData\RogueKiller
2021-09-19 16:22 - 2021-09-19 16:22 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-09-19 16:22 - 2021-09-19 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-09-19 16:22 - 2021-09-19 16:22 - 000000000 ____D C:\Program Files\RogueKiller
2021-09-19 16:19 - 2021-09-19 16:20 - 041898552 _____ (Adlice Software ) C:\Users\Sinikka\Downloads\RogueKiller_setup.exe
2021-09-19 01:04 - 2021-09-19 01:04 - 002304000 _____ (Farbar) C:\Users\Sinikka\Downloads\FRST64 (1).exe
2021-09-18 21:45 - 2021-09-18 21:52 - 000033440 _____ C:\Users\Sinikka\Downloads\Addition.txt
2021-09-18 21:26 - 2021-10-01 05:30 - 000025377 _____ C:\Users\Sinikka\Downloads\FRST.txt
2021-09-18 21:24 - 2021-10-01 05:29 - 000000000 ____D C:\FRST
2021-09-18 21:23 - 2021-09-18 21:24 - 002304000 _____ (Farbar) C:\Users\Sinikka\Downloads\FRST64.exe
2021-09-18 19:01 - 2021-09-18 19:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-09-18 19:01 - 2021-09-18 19:01 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-18 19:00 - 2021-09-18 19:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-09-18 19:00 - 2021-09-18 19:00 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-18 19:00 - 2021-09-18 19:00 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-18 19:00 - 2021-09-18 19:00 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-18 19:00 - 2021-09-18 19:00 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-18 19:00 - 2021-09-18 19:00 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-18 18:59 - 2021-09-18 18:59 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-18 18:59 - 2021-09-18 18:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-18 18:59 - 2021-09-18 18:59 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-18 18:59 - 2021-09-18 18:59 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-18 18:59 - 2021-09-18 18:59 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-18 18:58 - 2021-09-18 18:58 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-18 18:58 - 2021-09-18 18:58 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-18 18:58 - 2021-09-18 18:58 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-18 18:57 - 2021-09-18 18:57 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-18 18:57 - 2021-09-18 18:57 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-18 18:57 - 2021-09-18 18:57 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-18 18:56 - 2021-09-18 18:56 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-18 18:56 - 2021-09-18 18:56 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-09-18 18:56 - 2021-09-18 18:56 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-18 18:56 - 2021-09-18 18:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-18 18:07 - 2021-09-18 18:07 - 000000000 ___HD C:\$WinREAgent
2021-09-18 08:46 - 2021-09-18 08:46 - 000000000 ____D C:\Users\Sinikka\AppData\Local\ElevatedDiagnostics
2021-09-17 10:18 - 2021-09-17 10:27 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-09-17 10:15 - 2021-09-17 10:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-09-17 10:15 - 2021-09-17 10:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-09-17 10:05 - 2021-09-17 10:05 - 000000000 ____D C:\ProgramData\ssh
2021-09-17 09:53 - 2021-09-17 09:53 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-09-17 09:53 - 2021-09-17 09:53 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-09-17 09:53 - 2021-09-17 09:53 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-09-17 09:51 - 2021-09-17 09:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-09-17 09:51 - 2021-09-17 09:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-09-17 09:51 - 2021-09-17 09:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-09-17 09:51 - 2021-09-17 09:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-09-17 09:51 - 2021-09-17 09:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-09-17 09:50 - 2021-09-17 09:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-09-17 09:50 - 2021-09-17 09:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-09-17 09:50 - 2021-09-17 09:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-09-17 09:50 - 2021-09-17 09:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-09-17 09:50 - 2021-09-17 09:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-09-17 09:50 - 2021-09-17 09:50 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-09-17 09:49 - 2021-09-17 09:49 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-09-17 09:49 - 2021-09-17 09:49 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-09-17 09:49 - 2021-09-17 09:49 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-09-17 09:49 - 2021-09-17 09:49 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-09-17 09:48 - 2021-09-17 09:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-09-17 09:48 - 2021-09-17 09:48 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-09-17 09:48 - 2021-09-17 09:48 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-09-17 09:48 - 2021-09-17 09:48 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-09-17 09:47 - 2021-09-17 09:47 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-09-17 09:47 - 2021-09-17 09:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-09-17 09:47 - 2021-09-17 09:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-09-17 09:46 - 2021-09-17 09:46 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-09-17 09:46 - 2021-09-17 09:46 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-09-17 09:46 - 2021-09-17 09:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-09-17 09:45 - 2021-09-17 09:45 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-09-17 09:45 - 2021-09-17 09:45 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-09-17 09:45 - 2021-09-17 09:45 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-09-17 09:45 - 2021-09-17 09:45 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-09-17 09:45 - 2021-09-17 09:45 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-09-17 09:45 - 2021-09-17 09:45 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-09-17 09:44 - 2021-09-17 09:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-09-17 09:44 - 2021-09-17 09:44 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-09-17 09:43 - 2021-09-17 09:43 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-09-17 09:42 - 2021-09-17 09:42 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-09-17 09:42 - 2021-09-17 09:42 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-09-17 09:42 - 2021-09-17 09:42 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-09-17 09:42 - 2021-09-17 09:42 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-09-17 09:19 - 2021-09-17 09:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-09-17 09:19 - 2021-09-17 09:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files\MSBuild
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-09-17 09:04 - 2021-09-17 09:04 - 000000000 ____D C:\inetpub
2021-09-17 07:37 - 2021-09-17 07:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-09-17 07:25 - 2021-09-17 07:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-09-17 07:17 - 2021-09-17 07:17 - 000000020 ___SH C:\Users\Sinikka\ntuser.ini
2021-09-17 07:10 - 2021-09-30 16:57 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-17 07:10 - 2021-09-30 16:57 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-17 07:10 - 2021-09-26 17:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-17 07:10 - 2021-09-26 12:22 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:13 - 000003070 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F5DDAC53-FF7B-46F0-B525-1D60B5C3EAEE}
2021-09-17 07:10 - 2021-09-17 07:13 - 000002812 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:12 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-17 07:10 - 2021-09-17 07:12 - 000002258 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Sinikka
2021-09-17 07:10 - 2021-09-17 07:12 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-09-17 07:10 - 2021-09-17 07:11 - 000003482 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Update {730E568F-07C2-4CCF-A22F-5BCEE96E5785}
2021-09-17 07:10 - 2021-09-17 07:11 - 000003304 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Invitation {730E568F-07C2-4CCF-A22F-5BCEE96E5785}
2021-09-17 07:10 - 2021-09-17 07:11 - 000002850 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-09-17 07:10 - 2021-09-17 07:11 - 000002340 _____ C:\WINDOWS\system32\Tasks\MirageAgent
2021-09-17 07:10 - 2021-09-17 07:11 - 000002040 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2021-09-17 07:10 - 2021-09-17 07:10 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-17 07:10 - 2021-09-17 07:10 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-17 07:10 - 2021-09-17 07:10 - 000003092 _____ C:\WINDOWS\system32\Tasks\HPGenoobeReminder
2021-09-17 07:10 - 2021-09-17 07:10 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2038757326-2490540420-1122988387-1002
2021-09-17 07:10 - 2021-09-17 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-09-17 07:07 - 2021-09-17 07:10 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-09-17 07:07 - 2021-09-17 07:10 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-09-17 06:51 - 2021-09-26 11:52 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-17 06:36 - 2021-09-26 12:22 - 000002389 _____ C:\Users\Sinikka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-17 06:36 - 2021-09-23 05:04 - 000000000 ____D C:\Users\Sinikka
2021-09-17 06:28 - 2021-10-01 05:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-17 06:28 - 2021-09-18 20:51 - 000443496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-05 16:22 - 2021-09-05 16:22 - 001867201 _____ C:\Users\Sinikka\Documents\August 21.pdf
2021-09-03 05:15 - 2021-09-03 05:15 - 003572090 _____ C:\Users\Sinikka\Documents\vero2020.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-01 05:13 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-01 05:02 - 2017-08-07 20:59 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-01 03:57 - 2017-10-11 10:53 - 000000000 ____D C:\Program Files\CCleaner
2021-10-01 01:59 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-01 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-29 14:35 - 2017-08-01 20:38 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-29 10:19 - 2021-08-10 05:39 - 000000000 ___DC C:\WINDOWS\Panther
2021-09-26 17:42 - 2019-02-02 19:03 - 000000000 ____D C:\Users\Sinikka\AppData\Local\PlaceholderTileLogoFolder
2021-09-26 17:32 - 2017-12-11 08:32 - 000000000 ____D C:\Users\Sinikka\AppData\Local\Packages
2021-09-26 17:27 - 2020-07-30 06:44 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-26 17:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-26 17:26 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-26 17:26 - 2017-08-03 17:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-09-26 17:00 - 2021-05-04 19:48 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-26 16:56 - 2017-08-07 21:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-26 16:56 - 2017-08-07 21:00 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-26 12:20 - 2020-04-10 11:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-26 12:20 - 2020-04-10 11:33 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-26 11:52 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-23 03:33 - 2017-08-07 21:42 - 000000000 ____D C:\Program Files\WinRAR
2021-09-19 19:08 - 2017-08-09 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-09-19 19:08 - 2017-08-09 00:39 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2021-09-19 19:06 - 2017-08-01 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-09-19 19:06 - 2017-08-01 20:34 - 000000000 ____D C:\Program Files (x86)\Java
2021-09-19 19:04 - 2017-08-01 20:34 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-09-19 19:02 - 2017-08-07 21:42 - 000000000 ____D C:\Users\Sinikka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-19 19:02 - 2017-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-19 18:13 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-19 03:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-09-18 21:20 - 2017-12-28 07:00 - 000000000 ____D C:\Users\Sinikka\Desktop\Maintenance
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-18 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-18 20:46 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-18 19:14 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-18 18:05 - 2021-01-27 20:37 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-18 17:57 - 2017-08-01 01:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-18 17:56 - 2017-08-01 01:13 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-18 09:03 - 2017-08-07 21:29 - 000000000 ____D C:\Users\Sinikka\AppData\Local\ClassicShell
2021-09-18 08:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-17 10:27 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\InputMethod
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-17 10:27 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-09-17 10:27 - 2019-06-22 11:59 - 000000000 ____D C:\Program Files\UNP
2021-09-17 10:27 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-09-17 10:27 - 2018-02-03 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2021-09-17 10:27 - 2017-10-13 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2021-09-17 10:27 - 2017-10-11 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-17 10:27 - 2017-10-10 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2021-09-17 10:27 - 2017-08-23 06:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2017
2021-09-17 10:27 - 2017-08-08 22:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-09-17 10:27 - 2017-08-08 22:47 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-09-17 10:27 - 2017-08-03 17:06 - 000000000 ____D C:\Program Files\AMD
2021-09-17 10:27 - 2017-07-31 21:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2021-09-17 10:27 - 2017-07-31 21:19 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-09-17 10:27 - 2017-07-31 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2021-09-17 10:27 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2021-09-17 10:27 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2021-09-17 10:26 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-09-17 10:26 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-09-17 10:26 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-09-17 10:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-09-17 10:18 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2021-09-17 10:18 - 2017-10-13 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2021-09-17 10:18 - 2017-08-03 17:07 - 000000000 ____D C:\Program Files\Synaptics
2021-09-17 10:18 - 2017-08-03 17:06 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-09-17 10:18 - 2017-07-31 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-09-17 10:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-09-17 10:05 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-09-17 10:05 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-09-17 10:05 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-09-17 10:05 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-09-17 10:02 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-09-17 10:02 - 2019-12-07 05:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-09-17 07:37 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-09-17 07:18 - 2017-12-11 08:54 - 000000000 ___RD C:\Users\Sinikka\3D Objects
2021-09-17 07:18 - 2017-07-31 21:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-09-17 07:12 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-17 07:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-09-17 06:50 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2021-09-17 06:34 - 2017-08-03 17:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-09-17 03:48 - 2018-02-19 01:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-05 16:54 - 2020-04-20 10:20 - 000000000 ____D C:\Users\Sinikka\Desktop\Valencia milage
2021-09-01 18:30 - 2017-08-01 02:13 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by Sinikka (01-10-2021 05:43:30)
Running from C:\Users\Sinikka\Downloads
Windows 10 Home Version 21H1 19043.1237 (X64) (2021-09-17 11:14:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2038757326-2490540420-1122988387-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2038757326-2490540420-1122988387-503 - Limited - Disabled)
Guest (S-1-5-21-2038757326-2490540420-1122988387-501 - Limited - Disabled)
Sinikka (S-1-5-21-2038757326-2490540420-1122988387-1002 - Administrator - Enabled) => C:\Users\Sinikka
WDAGUtilityAccount (S-1-5-21-2038757326-2490540420-1122988387-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20095 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version: - SEIKO EPSON Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.61 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
K-Lite Mega Codec Pack 16.4.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.4.6 - KLCP)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\Teams) (Version: 1.3.00.4461 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.20.6 - Quicken)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 15.1.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.0.0 - Adlice Software)
SafeConnect PolicyKey (HKLM-x32\...\SafeConnect) (Version: - Impulse Point, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
UCheck version 4.1.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 4.1.0.0 - Adlice Software)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.8.33.0_x86__kgqvnymyfvs32 [2021-09-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.203.500.0_x86__kgqvnymyfvs32 [2021-10-01] (king.com)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.9.13.0_x86__h6adky7gbf63m [2021-10-01] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.3202.0_x64__8wekyb3d8bbwe [2021-10-01] (Microsoft Studios)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2021-09-26] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-08-02] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-08-02] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-17] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Sinikka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Sinikka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-10-18 10:28 - 2012-10-18 10:28 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-07-31 21:05 - 2012-02-07 18:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2021-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-09-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-09-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\sharepoint.com -> hxxps://mailvalenciacc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-10-11 13:55 - 000000862 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 app.drivereasy.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2038757326-2490540420-1122988387-1002\...\StartupApproved\Run: => "QuickenScheduledUpdates"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F3FDE4B0-977F-43C0-823F-4B7C5384F0AA}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [TCP Query User{45FB7B25-F945-4F9A-B440-821FFF381E00}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{3491117B-1770-4F55-8E3E-A62F22ECE43E}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{710543CE-4793-41AE-B310-265B06A41659}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{CECE17D4-0780-43A8-9EA1-95AB71BAADA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A4946EC-580A-4249-A9E2-654FEB74C0D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{23450FC5-F563-4097-BC69-6E96B1E903F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3411DCB-43A0-4F77-93DB-8F9792633879}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{00AD20A8-0A06-4B4C-B30A-60E0D1A481AB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{A31299BC-30F4-4925-BE3C-6F3DB3FD2CF5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{12A88403-9B2C-4585-B749-C33E8830CD28}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{E9805EC8-068D-4496-94D5-57C797BEAA99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{BB754820-545C-48D4-86D3-B081D1528497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{F0F3EF6C-40FA-4B74-8BA2-A9AC85BC18F6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{159ED1AC-E63F-443C-925D-FAB290EC0826}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F95AF484-F7FE-4BA8-85A4-F9FA9BA05EDF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B86FA8E3-7683-47F2-80FD-D6EFCBB98B23}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BB68EFD-BF0E-4F82-BEA9-47EF170F95B9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A226B5E-3505-4128-8301-23F1C39323AD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1FC7779A-94EE-4862-BBB9-41DCBEB60C94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{C4B61AA0-4C7E-43F0-9A8E-57BD7C76E936}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{F136A758-DA06-445C-888F-7BFA382CECB6}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DB621404-C4E5-4BAE-BA6A-4BD2B60B9323}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{CDEEA2E8-A5BE-441B-91FD-190F85AA0302}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7818D18F-1993-4478-959B-1BA7FF8A8B56}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2EAD\HP.EasyStart.exe => No File
FirewallRules: [{83B9C27D-517F-425B-8CE3-52100E4BF0A1}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS3327\HP.EasyStart.exe => No File
FirewallRules: [{325B0FCE-4603-457E-9D6C-408CE6F4EEA4}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD111D1E-94BB-4DBA-AA0D-2CDD55D04830}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4DD13BD8-B7AF-4AD9-A987-7039F1666E08}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C3A6417-E6ED-4F0A-BE31-B9A36453FF8C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA5B7434-D3EC-4164-89B6-A878076C3C2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAEEB751-810A-4CD4-8E66-89ED63D02DE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A86173C-86CD-411B-9F15-EC3F7E32153C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{42C0DE6C-F800-46B8-BE8F-F4ED13BCB36E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F4563D3D-1D59-472F-8920-91C9F3367CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6409C690-1EC9-404E-8A2C-39E13A2FA994}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS0352\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{ECC475BB-1FEA-49A4-AFE8-7ACAA69565CF}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS0352\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)

==================== Restore Points =========================

29-09-2021 17:32:46 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (10/01/2021 05:23:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.19041.844, time stamp: 0x7014f562
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934
Exception code: 0xc000027b
Fault offset: 0x000000000010be3e
Faulting process id: 0x1454
Faulting application start time: 0x01d7b6a5719ab4a3
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 438cf780-e6c4-40a0-b090-3d6cf867e829
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1023_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI

Error: (10/01/2021 01:50:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.996, time stamp: 0x6140d6aa
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process id: 0x252c
Faulting application start time: 0x01d7b5d5ff208d63
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8640127e-c1d1-4908-83d6-805d97e9f27d
Faulting package full name:
Faulting package-relative application ID:

Error: (09/30/2021 04:35:09 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (09/29/2021 09:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_OneSyncSvc, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: SYNCUTIL.dll, version: 10.0.19041.746, time stamp: 0x9dfd6167
Exception code: 0xe0464645
Fault offset: 0x000000000001dc43
Faulting process id: 0x1820
Faulting application start time: 0x01d7b539311a5ffd
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\SYNCUTIL.dll
Report Id: 93052e63-2cf8-4c57-a97f-fe41c9a8b3d5
Faulting package full name:
Faulting package-relative application ID:

Error: (09/29/2021 05:33:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/29/2021 05:32:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/29/2021 05:32:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/29/2021 03:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1202, time stamp: 0xdba1e981
Faulting module name: lockcontroller.dll, version: 10.0.19041.964, time stamp: 0x0791d21c
Exception code: 0xc0000005
Fault offset: 0x0000000000022aaa
Faulting process id: 0x1c34
Faulting application start time: 0x01d7b5393c4ec3ef
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\lockcontroller.dll
Report Id: dec7bfc1-c260-4223-9824-b7a57a2b5d7e
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (10/01/2021 01:51:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/26/2021 05:27:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/26/2021 05:26:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
%%2147942402 = The system cannot find the file specified.

Error: (09/26/2021 05:25:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (09/26/2021 05:05:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/26/2021 05:02:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Defender Antivirus Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2021 05:02:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (09/23/2021 03:43:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Windows Defender:
================
Date: 2021-09-18 21:43:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PiriformBundler&threatid=277517&enterprise=1
Name: PUA:Win32/PiriformBundler
Severity: Severe
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.349.1002.0, AS: 1.349.1002.0, NIS: 1.349.1002.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-09-18 21:43:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PiriformBundler&threatid=277517&enterprise=1
Name: PUA:Win32/PiriformBundler
Severity: Severe
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe; file:_C:\Users\Sinikka\Downloads\ccsetup561.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Sinikka\Downloads\FRST64.exe
Security intelligence Version: AV: 1.349.1002.0, AS: 1.349.1002.0, NIS: 1.349.1002.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

==================== Memory info ===========================

BIOS: Insyde F.1C 09/09/2013
Motherboard: Hewlett-Packard 193B
Processor: AMD A6-4455M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 74%
Total physical RAM: 3554.26 MB
Available physical RAM: 919.46 MB
Total Virtual: 6036.98 MB
Available Virtual: 994.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:434.31 GB) (Free:325.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:29 GB) (Free:3.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:0.91 GB) (Free:0.27 GB) NTFS

\\?\Volume{8bbd2a27-1bc7-489d-bf1b-a3c6af4c2eae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{ae7c97a0-8309-4658-9308-4d5f633188df}\ () (Fixed) (Total:0.77 GB) (Free:0.75 GB) NTFS
\\?\Volume{ff905bca-7094-4f23-b857-ec711ed7b8f7}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16A83E64)

Partition: GPT.

==================== End of Addition.txt =======================

Please advise of next steps and thanks.

broni · Oct 1, 2021

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

dashelter · Oct 1, 2021

Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by Sinikka (01-10-2021 17:06:06) Run:1
Running from C:\Users\Sinikka\Desktop\New folder
Loaded Profiles: Sinikka
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {BD0B898F-7D4C-4EF2-B503-6AD6C1981603} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{3491117B-1770-4F55-8E3E-A62F22ECE43E}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{710543CE-4793-41AE-B310-265B06A41659}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2441\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{12A88403-9B2C-4585-B749-C33E8830CD28}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{E9805EC8-068D-4496-94D5-57C797BEAA99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{BB754820-545C-48D4-86D3-B081D1528497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{F0F3EF6C-40FA-4B74-8BA2-A9AC85BC18F6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{7818D18F-1993-4478-959B-1BA7FF8A8B56}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS2EAD\HP.EasyStart.exe => No File
FirewallRules: [{83B9C27D-517F-425B-8CE3-52100E4BF0A1}] => (Allow) C:\Users\Sinikka\AppData\Local\Temp\7zS3327\HP.EasyStart.exe => No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD0B898F-7D4C-4EF2-B503-6AD6C1981603}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD0B898F-7D4C-4EF2-B503-6AD6C1981603}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3491117B-1770-4F55-8E3E-A62F22ECE43E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{710543CE-4793-41AE-B310-265B06A41659}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12A88403-9B2C-4585-B749-C33E8830CD28}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9805EC8-068D-4496-94D5-57C797BEAA99}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB754820-545C-48D4-86D3-B081D1528497}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0F3EF6C-40FA-4B74-8BA2-A9AC85BC18F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7818D18F-1993-4478-959B-1BA7FF8A8B56}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83B9C27D-517F-425B-8CE3-52100E4BF0A1}" => removed successfully

==== End of Fixlog 17:06:08 ====

Please advise of next steps and many thanks.

broni · Oct 2, 2021

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

Copy and paste the results in your reply

Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

dashelter · Oct 3, 2021

Here are the scans requested:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 301
Java version 32-bit out of Date!
Google Chrome (94.0.4606.61)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 23-12-2020
Ran by Sinikka (administrator) on 02-10-2021 at 15:24:25
Running from "C:\Users\Sinikka\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Windows Security:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Please advise and thanks.

broni · Oct 3, 2021

I still need Sophos log.

dashelter · Oct 5, 2021

it says no virus found.

broni · Oct 5, 2021

Your computer is clean [img=[URL]https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg][/URL]

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)

Remove disinfection tools

Create registry backup

Purge System Restore

Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.

Log in or Sign up

Laptop running Extremely slow- Infected

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

Attached Files:

fixlist.txt

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

Log in or Sign up

Laptop running Extremely slow- Infected

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

Attached Files:

fixlist.txt

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

dashelter Established Techie7 Member

broni Malware Annihilator Techie7 Moderator Head Security

Useful Searches