Virus? Programs connecting to bad IP


  • This topic is locked
4 replies to this topic

#1 XplodingZ

Posted 21 November 2017 - 10:38 AM

Hello all.

 

I am on W10 and I have a problem that is a little beyond me.

 

Long story short, I fell asleep binge watching Spongebob and so my PC was left on all night. When I woke, things were terribly wrong.

 

My connection to the internets on Chrome slowed down rapidly, then it ceased altogether. My Kaspersky wouldn't go past 20% in its update. Fortunately I can connect through Firefox.

 

However, here is the nasty stuff: svchost.exe, chrome.exe, avp.exe and rarely some other programs that pop up all point to "95.ry.cz" as an address in my resource monitor's network activity screen.

 

I instantly downloaded Malwarebytes and did a scan and it found some stuff but nothing major. A Kaspersky scan said I am fine too. My brain thought my internet is hacked. However, doing a trace through CMD to google.com works just fine. My DNS is okay.

I flushed my DNS and restarted.

 

Malwarebytes didn't work. Perhaps Kaspersky is broken. I uninstalled it. I tried to reinstall and guess what... it's trying to download from "95.ry.cz".

 

CCleaner does the same thing, so nothing updates to actually work.

It's as if... any data my PC asks for is being requested from this "95.ry.cz", except Firefox and League of Legends. (Have not tried connecting to anything else. Oh, The Powder Toy connects fine.)

 

As a note... this "95.ry.cz" IP address is 185.82.212.95.

 

I proceeded to block this IP address using wf.msc. Now Chrome doesn't know what an internet connection is. I can connect to the Kaspersky website on Chrome, but no other website. If I google some random search term I get redirected to a fake Google site? The address is www.google.com.br

 

I hope you guys can help!

 

 

 

 

_______________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by Z (administrator) on Z-PC (21-11-2017 18:21:29)
Running from C:\Users\Z\Downloads
Loaded Profiles: Z (Available Profiles: Z & Administrator)
Platform: Windows 10 Enterprise Version 1607 14393.1715 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(National Instruments Corporation) D:\Installed Programs\Circuits\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) D:\Installed Programs\Circuits\Shared\Security\nidmsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(National Instruments Corporation) D:\Installed Programs\Circuits\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) D:\Installed Programs\Circuits\Shared\mDNS Responder\nimdnsResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(f.lux Software LLC) C:\Users\Z\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClient.exe
() D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClientUx.exe
() D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClientUxRender.exe
() D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClientUxRender.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Kaspersky Lab) D:\Torrents\kfa18.0.0.405aben_13362.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
() D:\My Games\Powder Toy\Powder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Run: [f.lux] => C:\Users\Z\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\MountPoints2: G - "G:\SETUP.EXE"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\MountPoints2: H - "H:\SETUP.EXE"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\MountPoints2: {2a75e463-0141-11e7-9cc3-94de80b00044} - "H:\LaunchU3.exe" -a
IFEO\MusNotification.exe: [Debugger] rundll32.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-04-15]
ShortcutTarget: NI Error Reporting.lnk -> D:\Installed Programs\Circuits\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 D:\Installed Programs\Circuits\Shared\mDNS Responder\nimdnsNSP.dll [24320 2012-05-31] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368 2012-05-31] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 169.1.1.1 169.1.1.2
Tcpip\..\Interfaces\{0fc0e5b8-de75-4145-b82a-ab437f6d9fd0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0fc0e5b8-de75-4145-b82a-ab437f6d9fd0}: [DhcpNameServer] 169.1.1.1 169.1.1.2
Tcpip\..\Interfaces\{8dd7b485-71ad-4de2-ae95-f50c0584e4b1}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\flwpvo47.default-1453809657307 [2017-11-21]
FF Homepage: Mozilla\Firefox\Profiles\flwpvo47.default-1453809657307 -> hxxps://www.fnb.co.za/
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Installed Programs\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2946065609-2928214098-1305662417-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Z\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-01-11] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default [2017-11-21]
CHR Extension: (Slides) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (uBlock Origin) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-19]
CHR Extension: (Google Search) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Sheets) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395536 2017-01-09] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 mi-raysat_3dsmax2013_64; D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
R2 NIApplicationWebServer; D:\Installed Programs\Circuits\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; D:\Installed Programs\Circuits\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; D:\Installed Programs\Circuits\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; D:\Installed Programs\Circuits\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 niSvcLoc; D:\Installed Programs\Circuits\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
S3 wampapache64; D:\==3SM==\Webserver\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; D:\==3SM==\Webserver\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe [39885824 2016-07-12] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-01-06] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [15619320 2017-09-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-06-02] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 18:21 - 2017-11-21 18:21 - 000023456 _____ C:\Users\Z\Downloads\FRST.txt
2017-11-21 18:21 - 2017-11-21 18:21 - 000000000 ____D C:\FRST
2017-11-21 18:20 - 2017-11-21 18:21 - 002391552 _____ (Farbar) C:\Users\Z\Downloads\FRST64.exe
2017-11-21 17:13 - 2017-11-21 17:15 - 036141704 _____ (Adlice Software ) C:\Users\Z\Downloads\RogueKiller_setup_ref3.exe
2017-11-21 16:49 - 2017-11-21 16:49 - 000015360 _____ C:\WINDOWS\system32\SppExtComObjHook.dll
2017-11-21 16:14 - 2017-11-21 16:16 - 000000000 ____D C:\AdwCleaner
2017-11-21 16:14 - 2017-11-21 16:14 - 005200384 _____ (AVAST Software) C:\Users\Z\Downloads\aswmbr.exe
2017-11-21 16:13 - 2017-11-21 16:14 - 008261584 _____ (Malwarebytes) C:\Users\Z\Downloads\AdwCleaner.exe
2017-11-21 15:53 - 2017-11-21 15:53 - 000000842 _____ C:\Users\Z\Desktop\Install Kaspersky Free version 18.0.0.405.lnk
2017-11-21 15:35 - 2017-11-21 15:35 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Z\Downloads\esetonlinescanner_enu.exe
2017-11-21 15:35 - 2017-11-21 15:35 - 000000000 ____D C:\Users\Z\AppData\Local\ESET
2017-11-21 15:34 - 2017-11-21 15:55 - 000000000 ____D C:\Program Files\CCleaner
2017-11-21 15:32 - 2017-11-21 15:33 - 010848760 _____ (Piriform Ltd) C:\Users\Z\Downloads\ccsetup537pro.exe
2017-11-21 12:51 - 2017-11-21 17:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-21 12:51 - 2017-11-21 16:48 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-21 12:51 - 2017-11-21 16:48 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-21 12:51 - 2017-11-21 12:51 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-21 12:51 - 2017-11-21 12:51 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-21 12:51 - 2017-11-21 12:51 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-21 12:51 - 2017-11-21 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-21 12:51 - 2017-11-21 12:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-21 12:51 - 2017-11-21 12:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-21 12:51 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-21 12:47 - 2017-11-21 12:50 - 078346672 _____ (Malwarebytes ) C:\Users\Z\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-20 09:14 - 2017-11-20 09:15 - 015010674 _____ C:\Users\Z\Downloads\grav-skeleton-big-picture-1.3.0.zip
2017-11-19 02:43 - 2017-11-19 02:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-17 09:16 - 2017-11-17 09:16 - 000000000 ____D C:\WINDOWS\Panther
2017-11-15 10:35 - 2017-06-14 11:48 - 009554584 _____ C:\Users\Z\Desktop\R-3634.stl
2017-11-15 10:34 - 2017-11-15 10:29 - 007796378 ____N C:\Users\Z\Desktop\3dexport_export_rings_1497502847.rar
2017-11-14 20:39 - 2017-11-14 20:39 - 000000000 ____D C:\Users\Z\AppData\Local\Ascaron Entertainment
2017-11-14 20:37 - 2017-11-14 20:37 - 000000000 __RHD C:\Users\Z\AppData\Roaming\SecuROM
2017-11-14 20:34 - 2017-11-14 21:10 - 000001852 _____ C:\Users\Public\Desktop\Sacred 2 - Fallen Angel.lnk
2017-11-14 20:34 - 2017-11-14 20:34 - 000419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-11-14 20:34 - 2017-11-14 20:34 - 000413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-11-14 20:34 - 2017-11-14 20:34 - 000133632 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-11-14 20:34 - 2017-11-14 20:34 - 000110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-11-14 20:34 - 2017-11-14 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2017-11-14 20:34 - 2008-07-12 08:18 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-11-14 20:34 - 2008-07-12 08:18 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-11-14 20:34 - 2008-07-12 08:18 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-11-14 19:17 - 2017-11-14 19:17 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-11-14 19:17 - 2017-11-14 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2017-11-14 19:17 - 2017-11-14 19:17 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-11-14 00:25 - 2017-11-14 00:25 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-11-14 00:23 - 2017-11-14 00:23 - 000001004 _____ C:\Users\Public\Desktop\Kung Fu Strike - The Warriors Rise.lnk
2017-11-14 00:23 - 2017-11-14 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Tribes
2017-11-13 12:26 - 2017-11-13 12:26 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-13 12:26 - 2017-11-13 12:26 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-13 12:26 - 2017-11-13 12:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-13 12:26 - 2017-11-13 12:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-11-13 08:47 - 2017-11-13 08:47 - 000000794 _____ C:\Users\Z\Desktop\Portal Knights.lnk
2017-11-08 20:06 - 2017-11-08 20:06 - 000001309 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-11-08 20:06 - 2017-11-08 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-11-08 19:58 - 2017-11-21 15:03 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-11-02 17:59 - 2017-11-02 18:05 - 000000709 _____ C:\Users\Z\FileOptimizer.ini
2017-11-02 17:57 - 2017-11-02 17:57 - 000000971 _____ C:\Users\Z\Desktop\FileOptimizer.lnk
2017-11-02 17:57 - 2017-11-02 17:57 - 000000000 ____D C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileOptimizer
2017-11-02 17:57 - 2017-11-02 17:57 - 000000000 ____D C:\Program Files\FileOptimizer
2017-10-30 14:09 - 2017-10-30 14:09 - 000000169 _____ C:\Users\Z\Documents\MuseLog.txt
2017-10-30 14:08 - 2017-10-30 14:08 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2017.lnk
2017-10-30 14:08 - 2017-10-30 14:08 - 000000000 ____D C:\Users\Z\AppData\Roaming\com.adobe.AdobeMuseCC.2017.0
2017-10-30 14:05 - 2017-10-30 14:05 - 000001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-10-26 14:26 - 2017-10-26 14:26 - 000001338 _____ C:\Users\Z\AppData\Local\recently-used.xbel
2017-10-23 08:31 - 2017-10-23 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 17:17 - 2016-01-22 20:18 - 000000000 ____D C:\Users\Z\Documents\Outlook Files
2017-11-21 17:10 - 2017-01-22 21:21 - 000000000 ____D C:\Users\Z
2017-11-21 17:06 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-21 16:54 - 2016-11-20 20:51 - 002325744 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-21 16:50 - 2016-09-29 16:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-21 16:49 - 2016-11-22 21:23 - 000000000 ____D C:\Users\Z\AppData\LocalLow\Mozilla
2017-11-21 16:49 - 2016-07-16 13:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-21 16:48 - 2017-01-22 21:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-21 16:48 - 2017-01-22 21:20 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-21 16:48 - 2017-01-09 19:09 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-11-21 16:48 - 2016-11-20 20:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-21 16:48 - 2016-07-16 08:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-21 16:48 - 2016-05-12 14:34 - 000000000 __SHD C:\Users\Z\IntelGraphicsProfiles
2017-11-21 14:58 - 2016-09-29 16:13 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-11-21 14:58 - 2016-09-28 01:27 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-21 14:58 - 2016-07-16 13:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-21 14:58 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-21 14:34 - 2016-11-20 20:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-21 12:58 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 12:57 - 2016-01-19 20:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 12:56 - 2016-01-23 14:08 - 000000000 ____D C:\Users\Z\AppData\Roaming\Steam
2017-11-21 12:26 - 2016-01-19 12:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-21 10:18 - 2016-01-19 10:47 - 000000000 ____D C:\Users\Z\AppData\Local\Packages
2017-11-21 02:00 - 2016-01-19 12:57 - 000000000 ____D C:\Users\Z\AppData\Local\Adobe
2017-11-20 20:49 - 2017-01-22 21:28 - 000005166 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Z-PC-Z Z-PC
2017-11-20 15:39 - 2016-01-19 14:02 - 000000000 ____D C:\Users\Z\AppData\Local\CrashDumps
2017-11-20 08:57 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-19 23:12 - 2016-01-21 20:20 - 000000000 ____D C:\Users\Z\AppData\Roaming\BitTorrent
2017-11-19 15:06 - 2017-07-04 00:04 - 000000000 ____D C:\Users\Z\AppData\Roaming\vlc
2017-11-19 10:34 - 2016-09-01 01:31 - 000007591 _____ C:\Users\Z\AppData\Local\Resmon.ResmonCfg
2017-11-19 02:43 - 2016-05-03 19:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-19 02:34 - 2016-01-19 11:11 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-19 02:14 - 2017-01-22 21:28 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-19 02:14 - 2017-01-22 21:28 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-19 01:44 - 2017-01-22 21:28 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-19 01:44 - 2016-11-01 12:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-16 18:25 - 2016-01-30 12:38 - 000000000 ____D C:\Users\Z\Documents\My Games
2017-11-16 18:24 - 2016-01-26 11:18 - 000000000 ____D C:\Users\Z\Documents\Scan
2017-11-15 10:18 - 2016-11-20 20:40 - 010830696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 13:40 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-14 00:25 - 2016-03-05 12:44 - 000000000 ____D C:\Users\Z\AppData\Local\SKIDROW
2017-11-13 08:47 - 2016-06-11 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal Knights
2017-11-12 22:27 - 2016-06-23 00:15 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-12 09:12 - 2016-01-24 23:40 - 000000000 ____D C:\Users\Z\AppData\Roaming\FileZilla
2017-11-09 20:03 - 2017-06-21 11:16 - 000161792 ___SH C:\Users\Z\Downloads\Thumbs.db
2017-11-08 20:05 - 2015-10-30 08:28 - 000000000 ____D C:\Users\Default.migrated
2017-11-08 17:27 - 2016-11-02 12:06 - 000000361 _____ C:\Users\Z\client.properties
2017-11-02 14:58 - 2016-01-19 16:58 - 000000000 ____D C:\Users\Z\AppData\Roaming\Corel
2017-11-02 14:58 - 2016-01-19 16:54 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2017-11-02 14:57 - 2016-01-19 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2017-11-02 14:54 - 2016-01-19 16:56 - 000000000 ____D C:\ProgramData\Corel
2017-11-01 09:21 - 2017-04-15 22:50 - 000002174 _____ C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-10-30 14:09 - 2016-01-19 10:47 - 000000000 ____D C:\Users\Z\AppData\Roaming\Adobe
2017-10-30 14:05 - 2016-10-31 17:26 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-10-27 08:45 - 2016-01-19 21:14 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-27 08:45 - 2016-01-19 20:21 - 000000000 ____D C:\ProgramData\Oracle
2017-10-27 08:44 - 2016-01-19 21:14 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-10-27 08:44 - 2016-01-19 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-26 18:43 - 2016-01-26 11:18 - 000000000 ____D C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2017-02-28 11:25 - 2017-02-28 11:26 - 000000132 _____ () C:\Users\Z\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2016-01-19 15:55 - 2017-09-02 11:57 - 000000132 _____ () C:\Users\Z\AppData\Roaming\Adobe PNG Format CC Prefs
2016-04-15 20:46 - 2016-07-12 22:33 - 000003927 _____ () C:\Users\Z\AppData\Roaming\LTspiceIV.ini
2016-01-24 11:24 - 2016-01-25 09:56 - 000000316 _____ () C:\Users\Z\AppData\Roaming\redirect2.dat
2016-01-23 12:57 - 2016-01-23 12:57 - 000000009 _____ () C:\Users\Z\AppData\Roaming\update.dat
2016-01-23 12:57 - 2016-01-26 10:32 - 000000004 _____ () C:\Users\Z\AppData\Roaming\Microsoft\notaut.txt
2016-01-25 10:04 - 2016-01-25 10:04 - 000000004 _____ () C:\Users\Z\AppData\Roaming\Microsoft\notautfbb.txt
2016-01-31 21:09 - 2017-09-13 07:58 - 000001456 _____ () C:\Users\Z\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-26 14:26 - 2017-10-26 14:26 - 000001338 _____ () C:\Users\Z\AppData\Local\recently-used.xbel
2016-09-01 01:31 - 2017-11-19 10:34 - 000007591 _____ () C:\Users\Z\AppData\Local\Resmon.ResmonCfg
2016-05-09 23:18 - 2016-05-09 23:18 - 000000000 _____ () C:\Users\Z\AppData\Local\{6CC76625-186D-4CD7-B746-4B25F8A757B0}

Some files in TEMP:
====================
2017-11-14 20:37 - 2017-11-16 13:19 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Z\AppData\Local\Temp\drm_dyndata_7380011.dll
2017-11-20 08:45 - 2017-11-20 08:45 - 000217600 _____ () C:\Users\Z\AppData\Local\Temp\jacob-1.15-M4-x64.dll
2017-11-20 08:45 - 2017-11-20 08:45 - 000176128 _____ () C:\Users\Z\AppData\Local\Temp\jacob-1.15-M4-x86.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-13 00:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by Z (21-11-2017 18:22:05)
Running from C:\Users\Z\Downloads
Windows 10 Enterprise Version 1607 14393.1715 (X64) (2017-01-22 19:30:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2946065609-2928214098-1305662417-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2946065609-2928214098-1305662417-503 - Limited - Disabled)
Guest (S-1-5-21-2946065609-2928214098-1305662417-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2946065609-2928214098-1305662417-1007 - Limited - Enabled)
Z (S-1-5-21-2946065609-2928214098-1305662417-1001 - Administrator - Enabled) => C:\Users\Z

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
adobe (HKLM\...\{75F89FE9-0E2F-4CF0-BE83-E5FF5B1024D2}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Muse CC 2017 (HKLM-x32\...\MUSE_2017_0_3) (Version: 2017.0.3.20 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMCap (HKLM-x32\...\AMCap) (Version: 9.22 - Noël Danjou)
Animate (HKLM\...\{4FF80639-6BE4-4365-8452-7EE166A86B58}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Atom (HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\atom) (Version: 1.15.0 - GitHub Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk 123D Make 1.6.0 (HKLM-x32\...\{88FF8A21-F198-43DF-A5D9-80009EB620A8}) (Version: 1.60.0000 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\{7D65612F-53B4-0409-85AA-21DF5A8E9455}) (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk BIM 360 Revit 2016 Add-in 64 bit (HKLM\...\{C5A83116-8654-47A3-A3B1-B76905C8A198}) (Version: 4.35.3969 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit (HKLM\...\{62CBE596-1BB8-4D7B-A056-103287BAD1C4}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version:  - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\{FFF5619F-2013-0064-A85E-9994F70A9E5D}) (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (HKLM\...\{FE2F4875-095C-427C-9A97-4F8DE05ACF22}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.18 - Autodesk)
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.428.0 - Autodesk)
Autodesk Revit Content Libraries 2016 (HKLM\...\Autodesk Revit Content Libraries 2016) (Version: 16.0.428.0 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Aven Colony (HKLM-x32\...\Aven Colony_is1) (Version:  - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.0.0 - )
Blender (HKLM\...\{70DFC1C6-C234-4B4D-87C1-E01793AAB130}) (Version: 2.78.0 - Blender Foundation)
Brackets (HKLM-x32\...\{0ED76FF2-9370-4437-8C51-39F27DD0361B}) (Version: 1.8 - brackets.io)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Cura 2.6 (HKLM-x32\...\Cura 2.6) (Version: 2.6.2 - Ultimaker)
Cura 3.0 (HKLM-x32\...\Cura 3.0) (Version: 3.0.3 - Ultimaker)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dawn of Skirmish SS AI 3.0 (HKLM-x32\...\Dawn of Skirmish AI Project) (Version:  - )
Distance version Build 4491 (HKLM-x32\...\{63C169C4-3709-4C2B-A266-C066872DF6F2}_is1) (Version: Build 4491 - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Flux) (Version:  - f.lux Software LLC)
Factorio version 0.13.13 (HKLM\...\Factorio_is1) (Version:  - )
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileOptimizer (HKLM-x32\...\FileOptimizer) (Version: 7.0.0.0 - Javier Gutiérrez Chamorro (Guti))
FileZilla Client 3.26.1 (HKLM-x32\...\FileZilla Client) (Version: 3.26.1 - Tim Kosse)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.16.0.4077 - Blueberry)
FlvRecorder (HKLM-x32\...\Flv Recorder_is1) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grim Dawn (HKLM-x32\...\1449651388_is1) (Version: 2.3.0.8 - GOG.com)
Hathi Download Helper version 1.1.2 (HKLM-x32\...\{1AA98952-B224-4FD5-8116-B052000EA286}_is1) (Version: 1.1.2 - hxxp://qt-apps.org/content/show.php/Hathi+Download+Helper?content=158702)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (HKLM-x32\...\PICC 9.82) (Version: 9.82 - HI-TECH Software)
HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version:  - )
Impulse (HKLM-x32\...\{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}) (Version: 1.0 - Stardock Corporation) Hidden
Impulse (HKLM-x32\...\Impulse) (Version:  - Stardock)
INFERNO CLIMBER (HKLM-x32\...\INFERNO CLIMBER_is1) (Version:  - )
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kung Fu Strike - The Warriors Rise (HKLM-x32\...\Kung Fu Strike - The Warriors Rise_is1) (Version:  - )
League of Legends (HKLM-x32\...\{2F5D7825-7460-43B1-B467-7F9737557108}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Math Kernel Libraries (64-bit) (HKLM\...\{E3EB4126-0930-4926-B135-1F85452E7975}) (Version: 1.0.23.0 - National Instruments) Hidden
Math Kernel Libraries (HKLM-x32\...\{4C16E76C-7A4D-48E7-9E5E-B76B357C014E}) (Version: 1.0.23.0 - National Instruments) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NI .NET Framework 4.6 (HKLM-x32\...\{C2AA69F2-AAA4-4997-A7DD-5B57C0B53328}) (Version: 4.61.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (HKLM\...\{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}) (Version: 12.0.14.0 - National Instruments) Hidden
NI ActiveX Container (HKLM-x32\...\{4C146083-2C71-4C64-A4AD-5E340E177E63}) (Version: 12.0.14.0 - National Instruments) Hidden
NI Authentication 12.0.0 (64-bit) (HKLM\...\{B618335B-11D2-4780-B5CE-AA2D111DB693}) (Version: 12.0.367.0 - National Instruments) Hidden
NI Authentication 12.0.0 (HKLM-x32\...\{E9592CCE-3058-4308-B52A-5AEA08E54F13}) (Version: 12.0.367.0 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Core (HKLM-x32\...\{3A06B1D8-C3FE-4F94-BA6E-4BCCD57E7276}) (Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro (HKLM-x32\...\{85CA7665-5129-4BC7-A53E-2AE598D34E63}) (Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro Licenses (HKLM-x32\...\{FC0BE5F5-D9A2-412C-AEF2-D3597903497F}) (Version: 12.0.923 - National Instruments) Hidden
NI Curl 12.0.0 (64-bit) (HKLM\...\{AFE7987B-E282-42CE-AD5A-E333BE31E204}) (Version: 12.0.412.0 - National Instruments) Hidden
NI Curl 12.0.0 (HKLM-x32\...\{59DA8C21-C667-47D0-A259-AA942C9A9717}) (Version: 12.0.412.0 - National Instruments) Hidden
NI Error Reporting 2012 (HKLM-x32\...\{D31122C9-86AC-4ACD-859E-4B1D340E1D14}) (Version: 12.0.172.0 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{1B8AE714-65FA-4A36-8879-0C0CA66422A0}) (Version: 16.0.23 - National Instruments) Hidden
NI Example Finder 12.0 (HKLM-x32\...\{8FF8CB08-4E26-4425-9032-BE381589E25A}) (Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (HKLM-x32\...\{EAC44648-E378-45C7-BEF3-3DD68980E465}) (Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (HKLM\...\{00606A59-716C-484A-AE64-5F7E3F23B3BD}) (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (HKLM\...\{DDAAADDD-C57E-4731-A29C-133191587488}) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (HKLM-x32\...\{C9A0D47F-9A68-4917-868C-79E384E4DEE6}) (Version: 2.0.3 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (HKLM-x32\...\{7C6869BF-6CBE-4CB0-8869-2743B419343C}) (Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployment Framework (HKLM-x32\...\{27B67D4C-407D-43FF-BCDE-B9E3208070E3}) (Version: 12.0.369.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{B4A772D4-ED42-4484-8C0E-663A52D07A2F}) (Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (HKLM-x32\...\{28D398A0-EA5E-462F-94D0-3176B11F83AD}) (Version: 12.0.406.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (HKLM-x32\...\{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}) (Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 (HKLM-x32\...\{D50044F6-0436-4DCF-9A62-A05950C2CF9C}) (Version: 12.0.381.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (HKLM-x32\...\{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}) (Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 (HKLM-x32\...\{73BD4467-2A1E-48F6-A732-1C8B2BD2BF94}) (Version: 12.0.150.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (HKLM-x32\...\{BCC373FE-227D-46D9-827F-05BA296E2602}) (Version: 11.0.375.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (HKLM\...\{DABB1D70-482A-4B92-8B24-052AD650A2B0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (HKLM-x32\...\{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (HKLM-x32\...\{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (HKLM-x32\...\{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (HKLM\...\{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (HKLM-x32\...\{7FB07065-F547-448A-A1C3-1F2EF5EB834F}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (HKLM\...\{176468CE-41AB-4A9A-AC38-45A146D39688}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (HKLM\...\{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (HKLM-x32\...\{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (HKLM-x32\...\{41F6CA61-82CB-4615-9A97-252C5D58FA4B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (HKLM-x32\...\{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}) (Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (HKLM-x32\...\{5D826D5A-4AC7-47BA-B8AB-2032E35F0CA1}) (Version: 16.0.169 - National Instruments) Hidden
NI License Manager (HKLM-x32\...\{0426182B-4CE3-4F93-93ED-22C1B99B794D}) (Version: 3.7.44 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (HKLM\...\{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos 5.4 (HKLM-x32\...\{39E63436-773B-4294-9C19-E4E5941A6C69}) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos XT Support (HKLM-x32\...\{88A77AEA-B52C-4D59-858E-51DD450848DE}) (Version: 5.4.295.0 - National Instruments) Hidden
NI Logos64 XT Support (HKLM\...\{5A59ABAE-5F06-4241-B607-6376C29F9F31}) (Version: 5.4.295.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (HKLM\...\{58A9B4F6-2E67-464A-9F71-95F6D7159702}) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{231D0E11-0313-49FD-95CE-1D0264C7F1F5}) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.0 (HKLM\...\{899576E7-3569-417F-8EFE-EB881BE22EDE}) (Version: 5.00.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.0 (HKLM-x32\...\{268B0789-E2BF-4836-BF05-A6140B4983CA}) (Version: 5.00.49153 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{7C65EA54-2C2D-43E6-9665-281A0FC8E8E5}) (Version: 16.0.169 - National Instruments) Hidden
NI mDNS Responder 2.1 for Windows 64-bit (HKLM\...\{4DD08E99-6FC1-4188-9A2E-0AF968279E41}) (Version: 2.10.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.0 (HKLM-x32\...\{6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24}) (Version: 2.10.49152 - National Instruments) Hidden
NI MetaSuite Installer (HKLM-x32\...\{111EDFCA-B5FD-49A8-A62A-93D3E03C1349}) (Version: 16.0.169 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (HKLM-x32\...\{38300A40-AB90-444D-A823-17EB95A5C731}) (Version: 11.0.302.0 - National Instruments) Hidden
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (HKLM-x32\...\{36D68CEE-1AC5-47E1-A269-791683DE53D0}) (Version: 12.0.363.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 Support (HKLM-x32\...\{5DA2E9EF-3CAA-495F-AB2C-55F39FF9EA39}) (Version: 12.0.125.0 - National Instruments) Hidden
NI SSL Support (64-bit) (HKLM\...\{ACA45A9D-5C68-429F-AE87-0F2917136FCC}) (Version: 12.0.408.0 - National Instruments) Hidden
NI SSL Support (HKLM-x32\...\{526FED3E-499E-4989-B9F9-207E2FE425AA}) (Version: 12.0.408.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (HKLM\...\{197B80EB-D791-4DA4-9398-B5F029738E22}) (Version: 12.0.218.0 - National Instruments) Hidden
NI System State Publisher (HKLM-x32\...\{AED17FC7-86C3-47BE-84F9-9F078F522770}) (Version: 12.0.358.0 - National Instruments) Hidden
NI System Web Server 12.0 (HKLM-x32\...\{570AFAC0-96B1-4491-B24B-6D251C52AFA4}) (Version: 12.0.414.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (64-bit) (HKLM\...\{9C10623C-BF56-4D66-8F1F-B2D667E44986}) (Version: 12.0.407.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (HKLM-x32\...\{C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C}) (Version: 12.0.407.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (HKLM\...\{000A570E-F926-4808-956C-A57EE91B75F6}) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (HKLM-x32\...\{5A6C68D9-FDCB-4675-A95A-CD908D103614}) (Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (HKLM\...\{BD432073-6A5D-4F0F-8952-43B3C21A31C3}) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (HKLM-x32\...\{4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7}) (Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{A22F6777-3874-48E4-837D-F7650D92922F}) (Version: 16.0.169 - National Instruments) Hidden
NI Update Service 16.0 (64-bit) (HKLM\...\{A69F335B-6369-44A9-A39C-B747657D802D}) (Version: 16.00.49155 - National Instruments) Hidden
NI Update Service 16.0 (HKLM-x32\...\{D23B6980-DBD3-4BA4-8C95-B64F971DC3AF}) (Version: 16.00.49155 - National Instruments) Hidden
NI USI 2.0.0 (HKLM-x32\...\{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}) (Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (HKLM\...\{41B541B6-3518-4343-8A67-46FF9A4AA1A3}) (Version: 2.0.04901 - National Instruments) Hidden
NI VC2005MSMs x64 (HKLM\...\{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (HKLM-x32\...\{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (HKLM\...\{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}) (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (HKLM-x32\...\{F2273FA7-117C-43D7-BD59-00B025535442}) (Version: 10.0.100 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (HKLM\...\{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Application Server 12.0 (HKLM-x32\...\{036C09F0-1423-4097-9720-D9E034CFF50A}) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (HKLM-x32\...\{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}) (Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (HKLM\...\{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}) (Version: 2.0.122.0 - National Instruments) Hidden
NI-Mesa (HKLM\...\{D754C95D-A80F-471C-819B-EEEDD07C9B0A}) (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (HKLM-x32\...\{7888F38C-E534-473D-B029-562173EEA2C8}) (Version: 11.0.11.0 - National Instruments) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Planetary Annihilation: TITANS (HKLM-x32\...\Planetary Annihilation: TITANS_is1) (Version:  - )
Portal Knights (HKLM-x32\...\Portal Knights_is1) (Version:  - )
Portal Knights version 0.3.3 (HKLM-x32\...\{830B129D-B09D-4187-A6D0-58F916DBAEE8}_is1) (Version: 0.3.3 - Trackeroc.Ru)
Power Supply Designer II (HKLM-x32\...\Power Supply Designer II) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Python 3.6.1 (64-bit) (HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit debug) (HKLM\...\{5CF50751-7F73-43E6-BAF9-5D7F1A818355}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit symbols) (HKLM\...\{6E40D90F-EAA5-4093-AF9E-52FACBE23F3D}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit debug) (HKLM\...\{917E8108-BE03-4547-87FC-F098C92A7D5A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit debug) (HKLM\...\{B150A67C-98C1-4B39-A8A0-609F9A2C8009}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit symbols) (HKLM\...\{18F2C316-948D-4A6F-8E31-88D818F9FE2E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit debug) (HKLM\...\{E14B16ED-21CF-4F16-9C32-E83C5ACAABB9}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit symbols) (HKLM\...\{FF0FFF24-4B74-49F0-BA60-4DA3352434B4}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit debug) (HKLM\...\{24B26A98-CE61-4C29-BE0F-152C97CC0D15}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit symbols) (HKLM\...\{804EDEA0-086D-4595-B816-DB8175F04249}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit debug) (HKLM\...\{CAE72839-BB48-431D-B621-0F5561C09BEA}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit symbols) (HKLM\...\{48EF61AD-9D0C-4225-9ED8-F1FCE01AEC72}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
QCAD 3.12.5 (HKLM-x32\...\QCAD) (Version: 3.12.5 - RibbonSoft GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revit 2016 (HKLM\...\{7346B4A0-1600-0510-0000-705C0D862004}) (Version: 16.0.428.0 - Autodesk) Hidden
Revit Content Libraries 2016 (HKLM\...\{941030D0-1600-0410-0000-818BB38A95FC}) (Version: 16.0.428.0 - Autodesk) Hidden
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.11.2.0 - Deep Silver)
Samsung CLX-3300 Series (HKLM-x32\...\Samsung CLX-3300 Series) (Version: 1.04 (2012/07/07) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.03.13 (2012/06/29) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.57.00(2012/07/05) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.00.20.00 - Samsung Electronics Co., Ltd.) Hidden
Sins of a Solar Empire Rebellion © Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion © Stardock_is1) (Version: 1 - )
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Starbound - Glad Giraffe (HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\Starbound - Glad Giraffe) (Version:  - )
Starbound Spacefarer (HKLM-x32\...\Starbound Spacefarer_is1) (Version:  - )
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
Trackmania Turbo (HKLM-x32\...\Trackmania Turbo_is1) (Version:  - )
TrinusVR version 2.1.2 (HKLM-x32\...\{A66AD08F-FC5B-4583-9A7D-4636F5637B2C}_is1) (Version: 2.1.2 - Odd Sheep SL)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Wampserver64 3.0.6 (HKLM\...\{wampserver64}_is1) (Version: 3.0.6 - Dominique Ottello aka Otomatic)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
Worms2 (HKLM-x32\...\Worms2) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xpadder Power Pack 01.01.2015 (HKLM-x32\...\Xpadder Power Pack 01.01.2015) (Version:  - )
Zoom (HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> D:\Installed Programs\AutoCAD 2013\AutoCAD\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> D:\Installed Programs\AutoCAD 2013\AutoCAD\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Installed Programs\AutoCAD 2013\AutoCAD\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Installed Programs\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-01-31] (Autodesk)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-18] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Installed Programs\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Installed Programs\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F8FE7AD-7D89-43AD-8731-59FA9150E6F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {18FDEB73-C0F2-48FE-B267-6C151C60894E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {1C1CDCB1-4BE7-47E3-A1E9-E95224859093} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-03] (Dropbox, Inc.)
Task: {25007086-75AB-42F9-81FD-2D9614D89C31} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {39183861-C138-4780-B82C-88832EE7D685} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Z-PC-Z Z-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {5688D2B8-13D5-485A-8A22-D9FED6AE4C16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {61CC5DC4-6050-4111-8646-D0B06B5EEB57} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {644F0883-F8A2-43E0-A46A-A9FFDD710BC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {7A3FA7FE-4277-4B81-A2B3-BA7BF4E32140} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {7CE2C6DC-D57C-4276-9022-4EA874CE0290} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-03] (Dropbox, Inc.)
Task: {926C2575-858E-4858-B54F-DF94C5A640B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-19] (Google Inc.)
Task: {A1C58A98-85E2-429E-A8FE-ADB3AC19D448} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A27AC71C-460A-40FC-84B6-5F5EC2FF3228} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A2F0157E-A7E5-4210-A0E9-30734FE6BC51} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {B26F221F-B612-4FE9-9FEB-08C830568798} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {B7A4B3A8-6A6F-4F9D-AB9C-126CE24CDD96} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {C28B6475-F427-4F65-86CC-73ED429DD234} - System32\Tasks\NIUpdateServiceStartupTask => D:\Installed Programs\Circuits\Shared\Update Service\NIUpdateService.exe [2016-06-07] (National Instruments)
Task: {C6C77CC5-C2B1-46E8-8A43-97B2F0D54905} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C88CFB0D-E7E9-4ECC-94E0-C27371FFF183} - System32\Tasks\KMS8Server => C:\WINDOWS\KMS8\KMS8.exe [2015-10-02] ()
Task: {CC48F2D0-BCB8-4DFE-8A9B-F674641B88B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {CD0B0CC3-76B6-4683-8108-D00BA5FA310F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-19] (Google Inc.)
Task: {DF091D76-710E-4C92-BF00-2B5B7A0FF5B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {E3D88AA5-6A86-4975-9C1B-C93EFC544AE4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {EEC402CF-95A4-4EEC-BE36-B96EE2653015} - System32\Tasks\AdobeAAMUpdater-1.0-Z-PC-Z => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {FC52701D-EF07-411C-9295-3E77EADFD23C} - System32\Tasks\NIUpdateServiceCheckTask => D:\Installed Programs\Circuits\Shared\Update Service\NIUpdateService.exe [2016-06-07] (National Instruments)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Z\Favorites\FileOptimizer Home Page.lnk -> hxxp://nikkhokkho.sourceforge.net/static.php?page=FileOptimize

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-14 09:48 - 2017-09-07 08:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-22 21:20 - 2017-09-16 19:34 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-15 08:20 - 2013-10-23 14:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-01-26 11:14 - 2012-01-09 13:47 - 000034304 _____ () C:\WINDOWS\System32\sst7clm.dll
2016-03-05 11:04 - 2016-03-05 11:04 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-11-21 12:51 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-21 12:51 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-02 00:57 - 2017-08-18 06:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2011-09-15 00:19 - 2011-09-15 00:19 - 000086016 _____ () D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2017-05-26 03:18 - 2017-05-26 03:18 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-20 20:11 - 2016-11-20 20:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 18:33 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2012-02-20 22:23 - 2012-02-20 22:23 - 000456704 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-02-20 22:23 - 2012-02-20 22:23 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-11-19 02:34 - 2017-11-10 11:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-19 02:34 - 2017-11-10 11:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-12 15:42 - 2017-11-12 15:44 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 15:42 - 2017-11-12 15:44 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 15:42 - 2017-11-12 15:45 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 20:20 - 2017-11-08 20:23 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 003442304 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClient.exe
2017-11-21 08:21 - 2017-11-21 08:21 - 001711232 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClientUx.exe
2017-11-21 08:21 - 2017-11-21 08:21 - 000892032 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\LeagueClientUxRender.exe
2012-10-01 20:36 - 2012-10-01 20:36 - 001408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2017-03-15 18:33 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 18:33 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 18:33 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-09-14 09:48 - 2017-09-07 06:53 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-14 09:48 - 2017-09-07 06:59 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-01-11 22:55 - 2017-09-13 23:32 - 004234752 _____ () D:\My Games\Powder Toy\Powder.exe
2016-04-07 15:57 - 2016-02-24 06:48 - 000062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-04-07 15:57 - 2016-02-24 06:47 - 000110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2017-11-21 08:34 - 2017-11-21 08:34 - 000108672 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\zlib.dll
2017-11-21 08:34 - 2017-11-21 08:34 - 000128640 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\yaml.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 001353856 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000622208 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000993408 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000522368 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000520832 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-riot-messaging-service\rcp-be-riot-messaging-service.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000696960 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000571008 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000494720 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000602240 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000539264 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2017-11-21 08:17 - 2017-09-27 08:20 - 000619648 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000582272 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000757376 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000479360 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-pre-end-of-game\rcp-be-lol-pre-end-of-game.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000572032 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000444544 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000537216 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000544896 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000496768 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000899712 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000644224 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-champions\rcp-be-lol-champions.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000446592 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2017-11-21 08:17 - 2017-10-11 09:02 - 000720512 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000497280 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-inventory\rcp-be-lol-inventory.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000560768 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-loadouts\rcp-be-lol-loadouts.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000856192 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000568448 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000693888 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000518272 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 001578624 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 001486464 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000798848 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2017-11-21 08:17 - 2017-10-25 09:36 - 000605824 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000493696 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000518272 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000957056 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000472704 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000436352 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000479360 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000492160 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000536192 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000724608 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000522368 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000435328 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000853632 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000594560 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000615040 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2017-11-21 08:17 - 2017-09-27 08:20 - 000584320 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000530560 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000558720 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2017-11-21 08:17 - 2017-10-25 09:36 - 000642176 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000715392 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000785536 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000530560 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000574080 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000705664 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000504960 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000487040 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2017-11-21 08:17 - 2017-10-11 09:02 - 000545920 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000546432 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000534144 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-purchase-widget\rcp-be-lol-purchase-widget.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000586368 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-personalized-offers\rcp-be-lol-personalized-offers.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000469632 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
2017-11-21 08:17 - 2017-11-10 20:10 - 000542848 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000610944 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000667776 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-honor-v2\rcp-be-lol-honor-v2.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000489088 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2017-11-21 08:17 - 2017-09-23 10:21 - 000539264 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-entitlements\rcp-be-entitlements.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000630912 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-missions\rcp-be-lol-missions.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000584832 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-item-sets\rcp-be-lol-item-sets.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000499328 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-email-verification\rcp-be-lol-email-verification.dll
2017-11-21 08:17 - 2017-09-23 11:17 - 000466560 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-las-toxicity\rcp-be-lol-las-toxicity.dll
2017-11-21 08:17 - 2017-10-11 09:02 - 000512128 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-geoinfo\rcp-be-lol-geoinfo.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 001135232 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-clash\rcp-be-lol-clash.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000457344 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-banners\rcp-be-lol-banners.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000532096 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-featured-modes\rcp-be-lol-featured-modes.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000451712 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-payments\rcp-be-payments.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000688768 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-perks\rcp-be-lol-perks.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000517760 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\Plugins\rcp-be-lol-account-verification\rcp-be-lol-account-verification.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 055775872 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\libcef.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 001801344 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\libglesv2.dll
2017-11-21 08:21 - 2017-11-21 08:21 - 000022144 _____ () D:\My Games\LeagueOfLegends\RADS\projects\league_client\releases\0.0.0.108\deploy\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-15 08:17 - 2017-11-21 16:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Z\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "Gila"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95084C16-6274-48C5-B910-45CCC8D26145}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{651C5540-9FB9-4EFC-927D-6A3DE6D5F945}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BADBB081-3686-4E70-B79D-19DDB1189D79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B09D3E84-3AE2-40C2-BA82-141D639E2EE9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FFD0FB9E-8AB2-4324-9DA3-54E546C46086}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{873C7DEF-4024-4333-9CA0-634951E98977}] => (Allow) C:\Users\Z\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{3DB62DE3-E069-4C57-B3B3-F1AAD7C65DC8}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{8785AB45-885B-4C39-871C-657244ED59A9}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{BCC7949E-61AC-4FBD-8215-F4D84B257523}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{13A1654B-B9F2-469C-B35D-9A0AFB545D35}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E2CB5335-293B-4721-9648-707DCA3CF127}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{0A00D478-B7CF-428E-9CF1-792A45407BDC}] => (Allow) C:\Users\Z\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{7B14D503-8155-40DC-8199-395FABF5B639}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BD49C3A5-777E-4D70-A14F-527F3684E550}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{75009C41-B352-4EB9-9C8D-7534FD635787}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{32FD7750-75B9-4A8E-90A9-83DADD58B1B5}] => (Allow) D:\My Games\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [UDP Query User{BAA9C2C8-B302-4DC3-BCC6-A34F186481B3}D:\games\war for the overworld\wftogame.exe] => (Allow) D:\games\war for the overworld\wftogame.exe
FirewallRules: [TCP Query User{6B6E5E2F-1828-463E-AB68-746E67945485}D:\games\war for the overworld\wftogame.exe] => (Allow) D:\games\war for the overworld\wftogame.exe
FirewallRules: [{5E77D3DF-CA4A-43E4-A36A-81A0DC48BF9A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{4A1F5602-EAB9-45DB-B73F-03BAC4EF373B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{4D755F52-69EC-40AD-95F4-26F11F513A6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E891AC9-C678-4C7C-AAC8-A20BE647FF55}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5239F7FA-D184-4C66-94AA-C0A48C6A5CF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4A49079-8E4C-4630-BB77-59200155E3F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80FE04AA-90FF-41D5-BD9F-66C81546826C}] => (Allow) D:\Games\Stardock Games\Demigod\bin\Demigod.exe
FirewallRules: [{FD11AF1F-E0A6-4286-8E5A-22DEA23AC7EC}] => (Allow) D:\Games\Stardock Games\Demigod\bin\Demigod.exe
FirewallRules: [{87B23542-413B-49D8-BE26-D9EB10A75E27}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7DB58475-6C88-4FC0-A7DE-2CE15BDA9BA6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22A75F3A-B8D0-4952-AA42-7572AEDA0C77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B3C6CD93-6AF2-4CE9-A932-03CB7E8FAE7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{21844B98-8797-4928-AB76-70346F9CA91B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F51F715B-953F-4FDB-88CC-A57EFA1731A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BBE28CEB-F02C-4719-8729-AFCD030DDAF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0BA06AC6-FF14-4490-9356-4B80D581FA3B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{85F8F421-EE58-4C51-8AEC-4C6B7AC4EB86}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DB56CE65-F869-416D-8101-69B94F0C37FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EBACEC20-A7DB-46D3-B724-84B1B8A8BFB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9512B040-1C48-40DC-B120-A6F0D5FFF5F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DAD39818-5BB1-4E67-B024-8E37CAFD37CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{819FD319-2BCE-40C2-860E-ABCA28E5F2A6}] => (Allow) LPort=50248
FirewallRules: [{930098FF-0993-4EBC-9E37-76B4BB0AF481}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3005A4F7-B12F-4989-BBCC-C4179CCA15A8}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{00647803-C1AB-4A60-A25A-221DEE8DF036}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{D25AD8B6-5546-4BE5-8158-3FEC544D7611}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{1863C02D-01A5-453B-AE93-3D52B84BC12C}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{67960AA4-23F7-4950-8EF7-2A42337B02D8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{61BE4C22-0478-4ED8-9AF8-56077D664923}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1FBCC478-27C4-45A0-8EEC-5A83594C0ABF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{93EB0D0A-E39C-46AB-9A1A-9DFB78F96517}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{15FB54AD-0595-4DB2-B5B3-0027B29A98DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{186ED45A-DF53-4065-97CD-F5A7C142709B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{43B44FD9-F88B-4B4C-BE3D-85DCAEE0120E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5815B7B9-8205-4431-AFB6-25833ED9B362}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{51CEDE7B-ED37-4A8E-A194-9DA8B4C32AE1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{63F8EC2E-8A69-46B6-AA25-2E7BA7902AF6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{367E3476-A806-4D75-A4D0-51BDB1E04F77}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{6DA44BDA-F753-41A7-8C98-5CE5BF24FC2D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{D6CF56A6-24CA-4BA5-BF9D-D9FBE6710F9A}] => (Allow) D:\My Games\War for the Overworld\WFTOGame.exe
FirewallRules: [{7D94FA47-61FA-4D28-9806-B0E78C99FC93}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{3AD27451-77D5-4953-BE08-3813ACB74C18}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{32A33003-A30D-411C-AF8D-54F56BF4CF71}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{9501F412-2DED-47A1-BDE6-D15417469E29}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{425B9ED7-8381-45AF-AD60-FE3C8F448697}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{4290687F-68A3-425B-9BFA-9EEBB9F7375B}] => (Allow) D:\Installed Programs\Autodesk 2015\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{687A8132-6012-4DD8-85F6-6C944F58745E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{CC6964EE-2781-4AF2-9041-1D2D5A49D7B3}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{4FD73E68-C8E4-49EF-8219-5A885A08DAD7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7EE7B47A-4634-4DBD-A6A2-EFB2A4CC7927}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{446D9811-BC48-440B-9DCF-6D97C036CB82}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{8800B457-81D8-4987-A927-D1BBF5CA7EC9}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{BE295746-A211-4C57-97F7-BB7C291C0002}] => (Allow) LPort=11100
FirewallRules: [{258A1224-753C-4AE4-A049-D265F76AF1ED}] => (Allow) D:\My Games\Risk of Rain\Risk of Rain.exe
FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) D:\Installed Programs\Circuits\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) D:\Installed Programs\Circuits\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) D:\Installed Programs\Circuits\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) D:\Installed Programs\Circuits\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{6EB7A4B9-247D-44ED-883F-00BF178DFA6B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Aura Kingdom\Launcher.exe
FirewallRules: [{803F55CC-3F2E-477E-94A5-8C6259EED9D5}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Aura Kingdom\Launcher.exe
FirewallRules: [{D426BE30-67A4-42A7-A832-5C65D671D10C}] => (Allow) D:\Installed Programs\VRMYPC\VRDServer.exe
FirewallRules: [{E37FC780-FD51-4F42-BCE2-C9B5A4A2588C}] => (Allow) D:\Installed Programs\VRMYPC\VRDServer.exe
FirewallRules: [{7104BAEE-5A3D-4E92-BAD2-61C8100F8EE6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MultiVR.se\main\main\MultiVR.se.exe
FirewallRules: [{65DFDAB5-EFA1-4811-8CAF-36953C5E8AF0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MultiVR.se\main\main\MultiVR.se.exe
FirewallRules: [TCP Query User{58A9595B-9A0C-4A3A-980A-2EFA37F7BEFA}D:\my games\worms 2\frontend.exe] => (Allow) D:\my games\worms 2\frontend.exe
FirewallRules: [UDP Query User{029BD612-802D-4AD6-9E53-43E2E00A5B9B}D:\my games\worms 2\frontend.exe] => (Allow) D:\my games\worms 2\frontend.exe
FirewallRules: [TCP Query User{916A8418-CC9A-4B83-B965-77575B11381B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{65CDCFBB-9F16-4C25-BC7C-B652C0433C12}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{518AAFAE-7620-45E1-9231-7F0BEE5F03B2}] => (Allow) D:\Installed Programs\Winamp\winamp.exe
FirewallRules: [{6D3E24FA-BD74-4F52-B26D-50F1B5C48C5C}] => (Allow) D:\Installed Programs\Winamp\winamp.exe
FirewallRules: [{B19DDAD2-80DD-452C-8BA5-62253AD384CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6DCDC6CA-22B7-4D73-842D-68CFC5D5B82D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FFDD76AF-AEE1-4B0A-8FE6-ABB904EF78BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5B1DBD1E-2E42-4A64-B999-A1E480EEFFBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F02BD76-AEEF-4A58-A7B9-63249325BF58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1025951D-21DC-48CE-940F-FCDE403F3E92}] => (Block) d:\Installed Programs\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [TCP Query User{40811539-B657-4696-826B-320114346367}D:\installed programs\brackets\node.exe] => (Allow) D:\installed programs\brackets\node.exe
FirewallRules: [UDP Query User{5C6CA822-EF67-4BB4-9BF5-37D3EA50EF28}D:\installed programs\brackets\node.exe] => (Allow) D:\installed programs\brackets\node.exe
FirewallRules: [TCP Query User{8331AE54-EFBE-42F2-8AAB-4AC0676ED0AA}D:\my games\portal knights\portal_knights_x64_game.exe] => (Allow) D:\my games\portal knights\portal_knights_x64_game.exe
FirewallRules: [UDP Query User{C43AE4B1-4C5E-4B40-B5F6-681B4C9455A6}D:\my games\portal knights\portal_knights_x64_game.exe] => (Allow) D:\my games\portal knights\portal_knights_x64_game.exe
FirewallRules: [TCP Query User{C8DC73AC-5094-43EC-9EDF-AEE5F5A5AB26}D:\my games\kingdoms of amalur reckoning\reckoning.exe] => (Block) D:\my games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{02E5CC03-A16F-4C04-BAE3-A34BB3E96D11}D:\my games\kingdoms of amalur reckoning\reckoning.exe] => (Block) D:\my games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [{869E88E1-D4E8-45FC-85DC-B0F04D6A4CA1}] => (Allow) D:\My Games\Sacred 2\system\s2gs.exe
FirewallRules: [{38A16C76-0602-47A1-960F-8819ED57FAD8}] => (Allow) D:\My Games\Sacred 2\system\s2gs.exe
FirewallRules: [{2917387B-5ADB-41AF-8EBA-0AE90C2C91DE}] => (Allow) D:\My Games\Sacred 2\system\sacred2.exe
FirewallRules: [{B2A01F07-587F-4580-8C61-1070D14ACFC0}] => (Allow) D:\My Games\Sacred 2\system\sacred2.exe
FirewallRules: [TCP Query User{1547FFD0-2B00-42AC-B8D8-98860722B392}D:\my games\age of empires\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\my games\age of empires\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{80E052B0-AE02-4B2C-9305-3473C274691F}D:\my games\age of empires\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\my games\age of empires\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{E797ACB6-C382-46BC-B051-3D29B6CC5200}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B6988469-619F-4656-ABCB-5BC3F82BFE59}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 04:49:10 PM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )
Description: The rules engine failed to evaluate the rules.
Reason:0x80070057
Stage:BUILD_FULL_MACHINE_STATE
Additional Data:
<none>

Error: (11/21/2017 04:49:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F014
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (11/21/2017 04:18:07 PM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )
Description: The rules engine failed to evaluate the rules.
Reason:0x80070057
Stage:BUILD_FULL_MACHINE_STATE
Additional Data:
<none>

Error: (11/21/2017 04:18:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F014
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (11/21/2017 03:55:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.37.92.6309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2808

Start Time: 01d362ce1f33223d

Termination Time: 4294967295

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: a6b3addb-cec3-11e7-9d49-94de80b00044

Faulting package full name:

Faulting package-relative application ID:

Error: (11/21/2017 03:39:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\installed programs\autodesk 2016\revit 2016\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2017 03:39:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.37.92.6309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 9b8

Start Time: 01d362cd76d3fb68

Termination Time: 4294967295

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 5affbf8b-cec1-11e7-9d49-94de80b00044

Faulting package full name:

Faulting package-relative application ID:

Error: (11/21/2017 03:35:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\installed programs\autodesk 2016\revit 2016\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2017 03:03:41 PM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )
Description: The rules engine failed to evaluate the rules.
Reason:0x80070057
Stage:BUILD_FULL_MACHINE_STATE
Additional Data:
<none>

Error: (11/21/2017 03:03:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F014
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (11/21/2017 04:53:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:50:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (11/21/2017 04:48:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/21/2017 04:48:08 PM) (Source: DCOM) (EventID: 10010) (User: Z-PC)
Description: The server {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC} did not register with DCOM within the required timeout.

Error: (11/21/2017 04:48:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:21:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:19:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (11/21/2017 04:17:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/21/2017 04:16:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:16:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-10-31 09:21:03.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-16 08:59:16.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 10:54:15.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-12 09:20:20.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-11 13:14:15.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-10 10:58:32.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-09 13:36:12.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-06 10:59:21.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-03 08:49:11.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 09:26:46.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8102.99 MB
Available physical RAM: 4139.83 MB
Total Virtual: 10790.99 MB
Available Virtual: 4760 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.09 GB) (Free:13.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Storage) (Fixed) (Total:931.51 GB) (Free:131.87 GB) NTFS
Drive e: (Software) (Fixed) (Total:298.09 GB) (Free:84.66 GB) NTFS
Drive f: (S2DISC2) (CDROM) (Total:4.77 GB) (Free:0 GB) UDF
Drive m: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:167.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 959B4475)
Partition 1: (Active) - (Size=59.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 40811796)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 96AFA772)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AB85B40B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by XplodingZ, 21 November 2017 - 03:41 PM.




#2 nasdaq

  • Malware Response Team

Posted 21 November 2017 - 02:06 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Kaspersky Lab) D:\Torrents\kfa18.0.0.405aben_13362.exe
IFEO\MusNotification.exe: [Debugger] rundll32.exe
GroupPolicy: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {C88CFB0D-E7E9-4ECC-94E0-C27371FFF183} - System32\Tasks\KMS8Server => C:\WINDOWS\KMS8\KMS8.exe [2015-10-02] ()
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [138]
C:\Windows\System32\Tasks\KMS8Server
C:\WINDOWS\KMS8

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Restart Chrome.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Please post the logs and let me know what problem persists.

#3 XplodingZ

  • Topic Starter

Posted 21 November 2017 - 03:22 PM

Switched on System Restore

Ran Fix of fixlist.txt

Reboot -

Chrome is reset.

Installed RogueKiller and followed instructions.

Google Chrome still does not work.

Kaspersky Install cannot connect.

I have not released the block on the IP address to see if my svchost or chrome tries to connect to it.

Logs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by Z (21-11-2017 21:44:03) Run:1
Running from C:\Users\Z\Downloads
Loaded Profiles: Z (Available Profiles: Z & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Kaspersky Lab) D:\Torrents\kfa18.0.0.405aben_13362.exe
IFEO\MusNotification.exe: [Debugger] rundll32.exe
GroupPolicy: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
CustomCLSID: HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2013\64\acrobatacadic.dbx => No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {C88CFB0D-E7E9-4ECC-94E0-C27371FFF183} - System32\Tasks\KMS8Server => C:\WINDOWS\KMS8\KMS8.exe [2015-10-02] ()
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [138]
C:\Windows\System32\Tasks\KMS8Server
C:\WINDOWS\KMS8

End
*****************

Restore point was successfully created.
Processes closed successfully.
D:\Torrents\kfa18.0.0.405aben_13362.exe => No running process found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKLM\Software\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found.
HKLM\System\CurrentControlSet\Services\NvStreamNetworkSvc => key removed successfully
NvStreamNetworkSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NvStreamSvc => key removed successfully
NvStreamSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6} => key removed successfully
HKU\S-1-5-21-2946065609-2928214098-1305662417-1001_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => key removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickShare => key removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C88CFB0D-E7E9-4ECC-94E0-C27371FFF183} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C88CFB0D-E7E9-4ECC-94E0-C27371FFF183} => key removed successfully
C:\WINDOWS\System32\Tasks\KMS8Server => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS8Server => key removed successfully
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
"C:\Windows\System32\Tasks\KMS8Server" => not found.
C:\WINDOWS\KMS8 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 192622932 B
Java, Flash, Steam htmlcache => 271122448 B
Windows/system/drivers => 11334031 B
Edge => 532918 B
Chrome => 36965930 B
Firefox => 366516485 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 110 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 328360 B
NetworkService => 889792 B
Z => 610163234 B
Administrator => 18381 B

RecycleBin => 2547717 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:46:21 ====

 

 

__________________________________________________________________________________________

 

 

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Z [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/21/2017 21:51:08 (Duration : 00:22:07)
Switches : -refid

¤¤¤ Processes : 1 ¤¤¤
[PUP.HackTool|VT.Detected] AutoKMS.exe(1736) -- C:\Windows\AutoKMS\AutoKMS.exe[-] -> Found

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[PUP.HackTool|VT.Detected] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Found

¤¤¤ Files : 3 ¤¤¤
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[PShell.Gen][File] C:\Users\Z\AppData\Roaming\Brackets\live-dev-profile\SwReporter\20.115.3\software_reporter_tool.exe -> Found
[PShell.Gen][File] C:\Users\Z\AppData\Roaming\Brackets\live-dev-profile\SwReporter\20.117.1\software_reporter_tool.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] flwpvo47.default-1453809657307 : user_pref("browser.startup.homepage", "https://www.fnb.co.za/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-VERTEX4 +++++
--- User ---
[MBR] 7695f3cf48d75c74f1c4d5da180b5e91
[BSP] 8e6fe1f4e6940de8ae69e50e612ecc91 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 60505 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 124121088 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 45a02a532aa175b728949aa8dde166e1
[BSP] 50006dfea32be21f401d69d9b28ec5ab : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3320418AS +++++
--- User ---
[MBR] d4e7e68a7c22e2da1662abe08dbacd66
[BSP] 91d371bb76421a2daa248178455923ce : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: FCR-HS3       -0 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: FCR-HS3       -1 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: FCR-HS3       -2 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: FCR-HS3       -3 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 


Edited by XplodingZ, 21 November 2017 - 03:23 PM.


#4 XplodingZ


Posted 21 November 2017 - 06:36 PM

Hi,

I fixed the issue.

After 8 hours of intensive googling, I ended up downloading Junkware Removal Tool and it found a file called "wininit.ini" in my Windows dir. After its deletion and a reboot, everything returned to normal.

I will be testing this on the other PC on the network which also has the same problem and I will post if it worked.

Thanks!



#5 nasdaq


Posted 22 November 2017 - 07:57 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



