
TR/BitCoinMilner.grbmu virus in msiexec64.


  • This topic is locked
2 replies to this topic

#1 Felix_I.


Posted 14 June 2018 - 08:00 PM

I get this pop-up from Avira finding this virus; it deletes it, but it is still coming back. See screenshots attached.

These are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Felix (administrator) on OWNER (14-06-2018 20:42:52)
Running from C:\Users\Felix\Downloads
Loaded Profiles: Felix (Available Profiles: Felix)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-06-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\Run: [GoogleChromeAutoLaunch_9E0E8FB6AB9E32E413BF1FD50A17F104] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-04-24]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-04-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 74.116.184.28 96.127.255.28 192.168.1.1
Tcpip\..\Interfaces\{53408D0E-1B6B-45BA-BA97-86BD5D72FA8B}: [DhcpNameServer] 74.116.184.28 96.127.255.28 192.168.1.1
Tcpip\..\Interfaces\{DD4006A9-257C-4D9C-A61F-9189A11AC269}: [DhcpNameServer] 74.116.184.28 96.127.255.28 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-1497577798-250006343-43434190-1008\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-1497577798-250006343-43434190-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-28] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-09-26] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-09-26] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-09-26] (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-09-26] (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 6w63u4d8.default
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\6w63u4d8.default [2018-06-14]
FF user.js: detected! => C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\6w63u4d8.default\user.js [2017-06-30]
FF Extension: (uBlock Origin) - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\6w63u4d8.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-13]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\6w63u4d8.default\features\{440e7825-2628-40ce-8755-9cc0644b8811}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-09] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://pbdpajcdgknpendpmecafmopknefafha/index.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default [2018-06-14]
CHR Extension: (Slides) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-31]
CHR Extension: (Docs) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-31]
CHR Extension: (Google Drive) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-31]
CHR Extension: (YouTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-31]
CHR Extension: (uBlock Origin) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-06-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-31]
CHR Extension: (Sheets) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Quick Searcher) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-04-23]
CHR Extension: (Gmail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1374072 2018-03-10] (Autodesk Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [879128 2018-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [224472 2018-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [224472 2018-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1165320 2018-06-05] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2017-09-26] ()
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [449240 2018-03-28] (Avira Operations GmbH & Co. KG)
S2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2980336 2018-05-04] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [0 2018-05-17] () <==== ATTENTION (zero byte File/Folder)
S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103328 2018-06-07] (Avira Operations GmbH & Co. KG)
S4 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [0 2018-05-24] () <==== ATTENTION (zero byte File/Folder)
S2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2013-04-11] (CrypKey (Canada) Ltd.) [File not signed]
S4 D-Link DWA-192_PBC_WPS; C:\Program Files (x86)\D-Link\DWA-192\ALPBCSVC.exe [65536 2013-01-15] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-01] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2017-09-26] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-09-26] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [60920 2017-10-07] (Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [179376 2018-05-08] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [169864 2018-05-08] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [38048 2018-04-24] (Avira Operations GmbH & Co. KG)
R1 butldsk; C:\Windows\System32\drivers\butldsk.sys [192408 2018-04-18] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 D_RtlWlanu; C:\Windows\system32\DRIVERS\D_rtwlanu.sys [5632520 2016-12-12] (Realtek Semiconductor Corporation )
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-04-24] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-04-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [101600 2018-04-24] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S1 NetworkX; C:\Windows\System32\ckldrv.sys [31416 2013-04-11] ()
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [54896 2017-11-09] (NVIDIA Corporation)
S3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2017-10-25] (The OpenVPN Project)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2017-09-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 20:42 - 2018-06-14 20:43 - 000021897 _____ C:\Users\Felix\Downloads\FRST.txt
2018-06-14 20:42 - 2018-06-14 20:42 - 002413056 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2018-06-14 20:42 - 2018-06-14 20:42 - 000000000 ____D C:\FRST
2018-06-14 20:19 - 2018-06-14 20:19 - 000002426 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2018-06-14 20:18 - 2018-06-14 20:19 - 000412648 _____ C:\Windows\Minidump\061418-80234-01.dmp
2018-06-14 20:17 - 2018-06-14 20:17 - 000003600 ____N C:\bootsqm.dat
2018-06-14 20:17 - 2018-06-14 20:17 - 000000000 __SHD C:\found.002
2018-06-14 19:59 - 2018-06-14 19:59 - 000000000 _____ C:\Users\Felix\Desktop\tool.txt
2018-06-13 18:52 - 2018-06-14 20:21 - 000328192 _____ C:\Windows\SysWOW64\SelfFolder.idc
2018-06-13 18:18 - 2018-06-13 18:18 - 000001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-06-13 18:18 - 2018-06-13 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-06-12 21:53 - 2018-06-12 21:53 - 000412504 _____ C:\Windows\Minidump\061218-26031-01.dmp
2018-06-11 19:12 - 2018-06-14 20:23 - 000000000 ___HD C:\Users\Felix\AppData\Local\Microsoft Websites
2018-06-10 15:11 - 2018-06-10 15:11 - 000029091 _____ C:\Users\Felix\Desktop\PLANNER 2 - May 6.xlsx
2018-06-10 09:14 - 2018-06-10 09:14 - 000001045 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2018-06-10 09:14 - 2018-06-10 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2018-06-10 09:14 - 2018-06-10 09:14 - 000000000 ____D C:\Program Files\EaseUS
2018-06-09 09:03 - 2018-06-14 19:54 - 000000000 ____D C:\Users\Felix\Desktop\errors
2018-06-08 19:12 - 2018-06-10 23:02 - 000000000 ___HD C:\Users\Felix\AppData\Local\DiskManagement
2018-06-08 19:08 - 2018-06-08 19:08 - 000412560 _____ C:\Windows\Minidump\060818-28406-01.dmp
2018-06-07 17:02 - 2018-06-11 21:16 - 000000000 ____D C:\Users\Felix\Desktop\ROM + GREECE
2018-06-06 20:45 - 2018-06-13 22:49 - 001755987 _____ C:\Users\Felix\Desktop\Nexus Application.pdf
2018-06-06 20:06 - 2018-06-06 20:06 - 000001898 _____ C:\Users\Felix\Desktop\IrfanView Thumbnails.lnk
2018-06-06 20:06 - 2018-06-06 20:06 - 000001006 _____ C:\Users\Felix\Desktop\IrfanView.lnk
2018-06-06 20:06 - 2018-06-06 20:06 - 000000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2018-06-06 20:05 - 2018-06-06 20:06 - 000000000 ____D C:\Users\Felix\AppData\Roaming\IrfanView
2018-06-06 20:05 - 2018-06-06 20:05 - 000000000 ____D C:\Program Files (x86)\IrfanView
2018-06-06 16:10 - 2018-06-06 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-05 17:24 - 2018-06-05 17:24 - 003531400 _____ (Irfan Skiljan) C:\Users\Felix\Downloads\iview451_x64_setup (2).exe
2018-06-05 17:24 - 2018-06-05 17:24 - 002466952 _____ (Irfan Skiljan) C:\Users\Felix\Downloads\iview451_setup.exe
2018-06-05 17:23 - 2018-06-05 17:23 - 003531400 _____ (Irfan Skiljan) C:\Users\Felix\Downloads\iview451_x64_setup (1).exe
2018-06-05 17:22 - 2018-06-05 17:22 - 003531400 _____ (Irfan Skiljan) C:\Users\Felix\Downloads\iview451_x64_setup.exe
2018-06-05 15:20 - 2018-06-14 20:21 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-06-05 15:15 - 2018-06-05 15:15 - 000412584 _____ C:\Windows\Minidump\060518-18062-01.dmp
2018-06-04 06:18 - 2018-06-04 06:18 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-06-04 06:18 - 2018-06-04 06:18 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-17 03:41 - 2018-05-17 03:43 - 000000000 ____D C:\Windows\system32\config\Backup
2018-05-17 00:37 - 2018-05-17 01:22 - 025559040 _____ C:\Users\Felix\Desktop\Win8.1_English_x64.iso
2018-05-16 23:47 - 2018-05-16 23:47 - 000317832 _____ C:\Windows\Minidump\051618-73281-01.dmp
2018-05-16 22:46 - 2018-06-14 20:29 - 000688450 _____ C:\Windows\ntbtlog.txt
2018-05-16 19:02 - 2018-05-16 19:02 - 000000000 __SHD C:\found.001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 20:37 - 2017-09-27 02:37 - 000000000 ____D C:\Users\Felix\AppData\LocalLow\Mozilla
2018-06-14 20:33 - 2014-09-24 03:15 - 000872716 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-14 20:33 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-06-14 20:29 - 2018-04-24 19:16 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-14 20:28 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-14 20:27 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2018-06-14 20:23 - 2017-10-01 15:28 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-14 20:22 - 2017-09-26 23:59 - 000000000 ____D C:\Users\Felix\AppData\Local\ClassicShell
2018-06-14 20:20 - 2013-08-22 09:25 - 000020867 _____ C:\Windows\win.ini
2018-06-14 20:19 - 2017-10-01 15:28 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-14 20:18 - 2017-12-07 19:18 - 000000000 ____D C:\Windows\Minidump
2018-06-14 20:18 - 2017-09-26 14:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-14 20:17 - 2018-05-04 22:10 - 1246352180 _____ C:\Windows\MEMORY.DMP
2018-06-14 19:50 - 2017-10-01 15:31 - 000000000 ___RD C:\Users\Felix\Dropbox
2018-06-14 19:41 - 2017-09-30 04:07 - 001267712 ___SH C:\Users\Felix\Desktop\Thumbs.db
2018-06-14 19:34 - 2017-09-27 00:02 - 000003770 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{580546D7-7945-4E5C-BD1E-58B193BFBA8C}
2018-06-13 19:33 - 2017-09-27 00:03 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1497577798-250006343-43434190-1008
2018-06-13 18:19 - 2018-01-24 01:16 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-06-13 18:19 - 2017-09-26 15:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-13 18:18 - 2018-01-24 01:16 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2018-06-13 18:18 - 2018-01-24 01:16 - 000000000 ____D C:\ProgramData\Garmin
2018-06-12 22:16 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-06-12 21:56 - 2017-11-19 20:42 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-06-12 21:53 - 2017-09-27 02:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-11 23:14 - 2017-09-26 23:58 - 000000000 ____D C:\Users\Felix
2018-06-09 17:20 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2018-06-08 19:30 - 2017-10-06 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-06-08 19:13 - 2017-09-27 02:36 - 000000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-08 19:13 - 2017-09-27 02:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-06 16:10 - 2017-10-01 15:28 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-05 15:20 - 2018-04-24 20:35 - 000003664 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2018-06-05 15:20 - 2017-09-27 03:05 - 000000000 ____D C:\Program Files (x86)\Avira
2018-06-05 15:19 - 2018-04-24 21:58 - 000000000 ____D C:\ProgramData\MEGAsync
2018-06-05 15:18 - 2017-10-01 15:28 - 000003890 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-06-05 15:18 - 2017-10-01 15:28 - 000003654 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-06-05 15:15 - 2017-09-27 02:00 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-05-16 23:57 - 2017-09-27 01:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-16 23:57 - 2017-09-26 16:18 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 23:56 - 2017-09-26 16:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 18:37 - 2017-09-27 02:02 - 000207779 ____H C:\Users\Felix\AppData\Local\IconCache.db.backup

==================== Files in the root of some directories =======

1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\YdRUEUXIq.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\xFnUUPuYWbiq.exe
2017-12-04 21:47 - 2018-03-15 20:15 - 000000034 _____ () C:\Users\Felix\AppData\Roaming\AdobeWLCMCache.dat
2017-10-17 20:20 - 2017-10-18 23:45 - 000037877 _____ () C:\Users\Felix\AppData\Roaming\Comma Separated Values.ADR
2017-09-27 02:00 - 2018-03-28 21:02 - 000001167 _____ () C:\Users\Felix\AppData\Roaming\trace_FilterInstaller.1.txt
2017-09-27 02:00 - 2017-09-28 03:16 - 000000905 _____ () C:\Users\Felix\AppData\Roaming\trace_FilterInstaller.2.txt
2017-09-27 02:00 - 2017-09-27 02:00 - 000001167 _____ () C:\Users\Felix\AppData\Roaming\trace_FilterInstaller.3.txt
2017-09-27 02:00 - 2018-04-13 20:23 - 000000905 _____ () C:\Users\Felix\AppData\Roaming\trace_FilterInstaller.txt
2017-09-27 02:00 - 2018-04-13 20:23 - 000000000 _____ () C:\Users\Felix\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-09-26 23:58 - 2018-04-24 00:01 - 000265685 _____ () C:\Users\Felix\AppData\Local\BTServer.log
2018-04-23 23:43 - 2018-04-23 23:43 - 000140800 _____ () C:\Users\Felix\AppData\Local\installer.dat
2018-04-23 23:43 - 2018-04-24 00:14 - 000929792 _____ () C:\Users\Felix\AppData\Local\sham.db
2018-04-23 23:42 - 2018-04-23 23:42 - 000000003 _____ () C:\Users\Felix\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-12 04:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Felix (14-06-2018 20:43:41)
Running from C:\Users\Felix\Downloads
Windows 8.1 (Update) (X64) (2017-09-26 18:36:49)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1497577798-250006343-43434190-500 - Administrator - Disabled)
Felix (S-1-5-21-1497577798-250006343-43434190-1008 - Administrator - Enabled) => C:\Users\Felix
Guest (S-1-5-21-1497577798-250006343-43434190-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.73 - Hulubulu Software)
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any PDF to DWG Converter 2017 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Command - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Command (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.03 - ASUSTeK Computer Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.104.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD Architecture 2017 - English (HKLM\...\{28B89EEF-0004-0409-2102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 (HKLM\...\{28B89EEF-0004-0000-3102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Core (HKLM\...\{28B89EEF-0004-0000-0102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Language Core - English (HKLM\...\{28B89EEF-0004-0409-1102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Language Shared - English (HKLM\...\{28B89EEF-0004-0409-4102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Shared (HKLM\...\{28B89EEF-0004-0000-4102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2017 SP 1 (HKLM\...\AutoCAD 2017 SP1) (Version: 21.0.104.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Architecture 2017 - English (HKLM\...\AutoCAD Architecture 2017 - English) (Version: 7.9.48.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.9.191 - Autodesk)
Autodesk Featured Apps 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Avira (HKLM-x32\...\{40F72BC9-0C14-4122-8930-4B037EAEAD45}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.180 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.14.1.26975 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{AA126937-1BC9-49DC-A4FC-60D38DD11AB1}) (Version: 2.0.5.42575 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.11.1.7632 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
boostPc version 1.0 (HKLM-x32\...\boostPc_is1) (Version: 1.0 - )
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
D-Link DWA-192 (HKLM-x32\...\{A9C1D994-E5B8-4705-826F-C1ADE33DA2F7}) (Version:  - D-Link Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
FastStone Photo Resizer 3.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.3 - FastStone Soft.)
Forte (HKLM-x32\...\{26DBF0BB-767A-45BE-9D31-CF3EE7B1943C}) (Version: 5.3.0 - Weyerhaeuser)
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
LandscapePro Studio 1.5 (HKLM\...\com.anthropics.landscapeprostudio1_is1) (Version: 1.5 - Anthropics Technology Ltd)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2126 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Report Viewer 2015 Runtime (HKLM-x32\...\{3ECE8FC7-7020-4756-A71C-C345D4725B77}) (Version: 12.0.2402.15 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Modus License Manager (HKLM-x32\...\{B7571EB0-6061-4AD3-84EF-3B34B31878EE}) (Version: 2.0.1.5 - Weyerhaeuser)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
RadioSure (HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\RadioSure) (Version:  - )
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Soft Organizer version 7.10 (HKLM-x32\...\Soft Organizer_is1) (Version: 7.10 - ChemTable Software)
SPDS Extension for AutoCAD® 2017 (HKLM\...\{A969D4A7-B6C7-4E60-9677-79CDC34D861F}) (Version: 5.0.0 - Autodesk, Inc.)
Total Audio Converter (HKLM-x32\...\Total Audio Converter) (Version:  - Softplicity Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Weyerhaeuser Design Engine 7.0.0 (HKLM-x32\...\{B0B6E1B1-96F4-4A99-8E41-BA15E9BA9A95}) (Version: 7.0.0.5 - Weyerhaeuser)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{02C1B014-A1A3-49B0-9DE2-61108AE10A1A}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{0984760C-7937-4BAC-BFA5-6B66ED0C3EE3}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{0E51E86F-A10A-4C28-840C-693043D86B94}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Felix\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{26AA2A3B-8564-467D-9F56-70B82D9DF9EF}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{2ADDEA0E-5490-44BD-95AB-8CF726546699}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{2C783B32-B389-4636-AEEF-0B8906809ABD}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{3EDE361E-8AAC-4E9D-8D67-47826E07F395}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{428E99BF-4547-4BAE-B11B-3A3B2B429E19}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{4EDAD274-3142-4B55-BA32-E46571CAB32A}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{6C05A3B6-A500-4D72-B5C9-4F4FF96681DA}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{72F49406-DE1A-4931-B0BF-FE8B678A39E1}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{7445B73A-20A3-47A0-83DD-FB564CD09A55}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{7861A892-FF42-4FC0-BCF8-B6059C701DDF}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{85F3ABA7-F721-4101-BA9D-2A39B4643C32}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{8AF3BC0F-0FC9-4CD4-9B3A-993F16D42FB1}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{8B6D9821-E115-438C-B55F-7AB17D02F55F}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{9D537013-3178-46D3-B47B-0A8B7F1D4895}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{9DAF993A-5A95-4F5D-82BD-0CC553A59E95}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{A2DD9FCF-2FDD-4CFE-B653-F2AC0038AB7D}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{A7568AF5-52DE-4632-BBD0-875859C5B494}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{AC7E9F26-99F0-41FF-A5B3-9EF0B8E40C73}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{B1CC4543-B20B-4876-955E-B2859DAFDAF1}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{B773AC0D-3AE0-46ED-B5DE-20BA136334FD}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{B9B4F5B7-0631-4919-A153-A781CD2B58CB}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{BB3E6C4E-8006-4956-95FF-1F2D986F2B2F}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{BE560804-9721-40D9-AFA8-9B0E6A6794A6}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{C047D445-D523-4CCC-B31D-44BAA64AB9D5}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{C2E2EFAB-16C2-493E-8F53-9F0B939FBF14}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{C4F0D014-5AE8-42E7-AEFA-5EAF3C37B9D4}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{D236CF1D-EA27-4B81-A45E-67B9B12E9B92}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{DBFE3D36-37CA-402C-9B8D-1144ED39F4B1}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{EA19079A-7EBD-4D5A-88D8-06A69640B89C}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{F20C96A6-BC9A-4B2C-A500-463C1BB897A1}\InprocServer32 -> C:\Program Files\Autodesk\ApplicationPlugins\SPDSExtension2017.bundle\Contents\SPDSExtCOMProps.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-30] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2013-09-12] (Realtek Semiconductor Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-08] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [TotalConverter] -> {280CFDE1-1354-4431-92F3-03073BA593FB} => C:\Program Files (x86)\TotalAudioConverter\axTotalConverter64.dll [2014-03-14] (Softplicity)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-08] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FB4055D-B6C5-438F-AC36-1058753DF355} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-11] (Microsoft Corporation)
Task: {12004191-5A5E-4444-8AB2-D4BAB02D0C38} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-11] (Microsoft Corporation)
Task: {12F5E01B-BD78-4F7B-91AE-D94C2FEB9574} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {1A278612-8802-4F11-A2FC-C301ECA94107} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {24EB328C-3770-4849-B497-FFB38E57BFF2} - System32\Tasks\{80E6F2D5-03C0-E93D-CFB0-DA68C5DF3733} => C:\Program Files (x86)\Common Files\xFnUUPuYWbiq.exe [1601-01-03] (Microsoft Corporation)
Task: {250982DD-DFA3-4614-8FCC-1957BBAE5FF1} - System32\Tasks\{C8263472-0D06-4FD8-5712-025D5FC3F275} => C:\Program Files (x86)\YdRUEUXIq.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {2CAB0AC5-9FDE-43B8-9ABF-48DB7DEB10A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2D9F099B-1CB3-4698-A207-A47439C5E483} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {2FD15900-2580-4715-936B-953B3EC69280} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1497577798-250006343-43434190-1008 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {3D2FF3F3-242C-4989-9764-4EA53B99D018} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-11] (Microsoft Corporation)
Task: {3DAD7068-773B-4CF2-B8F8-28BF63999AB7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-01] (Dropbox, Inc.)
Task: {44A46160-0071-4502-AA06-96AAAF5F11EF} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-06-05] (Avira Operations GmbH & Co. KG )
Task: {629D194C-6020-4EFF-9385-DCF1449E2393} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {687DCF95-1EB6-4AE4-B836-3E70594A00C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {89DF7E63-6161-450E-8568-3EC407D27F3F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-06-05] (Avira Operations GmbH & Co. KG)
Task: {92CE9759-76C0-44CA-9FEE-AA3728C9F8B1} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {956463B3-1A4C-4F34-96F8-1C2144B29FA0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {97DB65FE-1603-4F14-8E60-E371D2CE64AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {A823846E-39A9-4866-9B84-DE132493EC3A} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {B62CCE0E-7215-48CD-B12B-BCA5C86E4ACC} - System32\Tasks\AdobeGCInvoker-1.0-Owner-Felix => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {B8E50A83-0319-41E2-97EE-E2442F6F5BDD} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {DE735B18-4DCB-48C0-BD41-7FFE3EF75877} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-01] (Dropbox, Inc.)
Task: {E2284569-8637-404A-9B44-2089287572B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E59DD538-757A-40EF-AA7B-FAF106FBF391} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-06-05] (Avira Operations GmbH & Co. KG)
Task: {FF29853F-B0DD-4385-862E-197E5A8DB429} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-24 19:16 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-18 17:51 - 2017-10-18 17:51 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-09-26 03:52 - 2017-09-26 03:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1497577798-250006343-43434190-1008\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-12-11 20:40 - 2017-12-11 20:40 - 000001066 ____R C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1497577798-250006343-43434190-1008\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 74.116.184.28 - 96.127.255.28
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: AvrcpService => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: D-Link DWA-192_PBC_WPS => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: proXPN VPN => 2
MSCONFIG\Services: RunSwUSB => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\StartupApproved\Run: => "HP Officejet 7500 E910 (NET)"
HKU\S-1-5-21-1497577798-250006343-43434190-1008\...\StartupApproved\Run: => "Autodesk Sync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2442790D-AEA7-4103-BEF5-10C602E04F53}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{028EEDA9-20DC-407C-B9EA-43C703E63A7F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{9D71AF31-2C0C-4227-AB36-21BAF392FE55}] => (Allow) LPort=54925
FirewallRules: [{6D471E51-A6FF-4419-AE4A-70CD5B17637F}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe
FirewallRules: [{CA8A01F3-F5CE-4B79-9E46-46648A2B943F}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe
FirewallRules: [{E3BFBB83-BBED-4686-B0CA-E0B85B14224D}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe
FirewallRules: [{D54D6C55-CCCD-4DE8-B453-DE7E6033CB61}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe
FirewallRules: [{E01C2E53-1A8E-4A1C-BDA1-CA96648B0C5D}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0C23D060-1597-43BE-9509-B5A3C9B9FBA3}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1A103A9F-F872-4849-9D48-EDB50618E67E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6BDF36D5-0394-4D94-ACAD-8BDD57361D61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FA574383-C3B4-4E4F-8FD6-9DB311F287D4}] => (Allow) C:\Users\Felix\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A3B569F-389A-476A-B9CD-5EF1C5445014}] => (Allow) C:\Users\Felix\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B0B4E259-F5DE-445D-A098-C4A3F9BC3C92}] => (Allow) LPort=50248
FirewallRules: [{922A0C84-8349-43F0-A31F-A9B06557801B}] => (Allow) LPort=50248
FirewallRules: [{ED49C258-AB26-4673-80BC-C9E4A9422796}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4D1A8A2C-AC59-4FA4-9B35-4B22D887CDA7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA0F9E8B-FC95-4B69-B168-125533BE6923}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{37939829-2B37-4263-AD46-E88A0033F97B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{947F3ADE-F74F-4283-8F5B-D8D6BF0BF9D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E3DEAE6-4375-4699-8777-F1A27F61225E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5B668F00-2061-49AC-BD89-8466FADCF118}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0E74C58A-AEC5-42EB-99C1-506585BC6C9A}C:\users\felix\appdata\local\temp\rar$exa0.839\easy_search(4.2.0.0).exe] => (Allow) C:\users\felix\appdata\local\temp\rar$exa0.839\easy_search(4.2.0.0).exe
FirewallRules: [UDP Query User{D565CE38-8486-4DE6-9C85-E1E2BA607D7F}C:\users\felix\appdata\local\temp\rar$exa0.839\easy_search(4.2.0.0).exe] => (Allow) C:\users\felix\appdata\local\temp\rar$exa0.839\easy_search(4.2.0.0).exe
FirewallRules: [TCP Query User{9B2F4BDE-65CA-4F2C-9886-DABF37F009DB}C:\users\felix\desktop\easy_search(4.2.0.0).exe] => (Allow) C:\users\felix\desktop\easy_search(4.2.0.0).exe
FirewallRules: [UDP Query User{4520DF66-E60E-4766-913B-2D976005EBE2}C:\users\felix\desktop\easy_search(4.2.0.0).exe] => (Allow) C:\users\felix\desktop\easy_search(4.2.0.0).exe
FirewallRules: [TCP Query User{FE5E49A9-345C-4B8A-8B06-F983B8C0058A}I:\setup\easy_search(3.8.0.0).exe] => (Allow) I:\setup\easy_search(3.8.0.0).exe
FirewallRules: [UDP Query User{D986EACB-0D10-4D3C-B197-E5E33BB4F99F}I:\setup\easy_search(3.8.0.0).exe] => (Allow) I:\setup\easy_search(3.8.0.0).exe
FirewallRules: [{4D49EC4D-A6ED-4644-8D5F-404C5AD0956F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AD262CB4-CC22-41C2-820D-6DD265156DA8}] => (Allow) c:\users\felix\appdata\roaming\655160.exe
FirewallRules: [{21C1CC9D-6DA2-4BF1-A43C-A7FE013C10D6}] => (Allow) c:\users\felix\appdata\roaming\63489186\dwm.exe
FirewallRules: [{6AFFEE92-C621-4705-9C1B-281FE5549225}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{737C7B5A-541D-4ADF-9091-B54A257CA2CB}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [TCP Query User{312CEF30-72AB-4DA5-BCD6-634CAC4F74F8}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [UDP Query User{9BF16011-03E0-44AA-A920-4BD1F29F44B8}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{825AB81C-F073-4AD8-AFAF-2F3EA15B14A2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C4DEBA33-B243-4FE4-92BB-29962E472CC0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6B9AF49F-FF08-4989-B695-ED18A91FBE4D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{083EE021-88CF-443C-9383-19E89DB34560}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D8898DDF-1AA3-4A41-815B-C1C378E29D46}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{25B65208-2E79-433E-8FB0-A9B1DB204C63}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{42D567E4-846C-436E-94A2-9D79C6D9DDF3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{92DCC393-A99A-4BEC-A99A-42493042DF60}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AC62EAAE-A535-43C7-9B56-67E765CFAD87}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C4080B4C-05CC-467B-A278-A8467215E916}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{DE7F6831-8AB7-48E9-AC26-43BC8264CF54}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BD70989D-902D-4BD3-BB09-C03CE18998FB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E2D68C3D-ED54-4625-A9ED-E1CDB90923EB}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{DD38FCB3-1D5D-4200-A1F8-4ED768267A71}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F9014A1A-1819-4EFB-9B42-283DD130C275}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{63F94FE7-58F3-4133-86E5-1448255064DE}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{187570E6-6CCA-4A11-A8F5-4DED5F258107}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{11299BE9-77FB-442C-BB26-FD9D170F8AA6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D5C0FDDE-0C37-4988-8797-8CB799E50F54}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{16D21976-EE83-4D05-9AAF-2C942D1C69C6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2F2F496A-1C06-4F03-BE39-AF2EDC1D8C80}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{798DE1EE-1D30-4823-A7A5-0D31206145CF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{387FFAF0-2DDB-4677-B0FD-9C047198374C}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{94AAA67B-9C6D-4F28-8D93-BC0D03B15EEE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{ED06EA66-5433-4991-A47D-355954B7103F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B63DDDAB-9525-4894-AD6E-EEFA6C5B6A21}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{9B75AC0D-62E5-494A-B386-651339725EEE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{A5C67FC3-F0F3-4332-9DD4-BBDEE212479F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{685A1998-D03F-4EE7-8986-383FB0B53CD1}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{D1DE53D7-9F69-415E-BCEB-5D784B13BD3D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F54CA126-A4EA-4365-8874-F6D3EDA7AD82}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3A8D2D94-53D8-468E-8DEF-1A1998482BC8}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{9AE54621-216F-48A5-9ECE-F13D5C28430B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{49FCD156-B1D0-43A8-AF3B-6295670CF9E1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5E5FC885-600B-43E9-9F24-55E9D41C8FB4}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{66E62815-303C-4B86-8AC8-0BB1418E6BE7}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E1841D2E-258C-4A32-8AF0-7D791887831D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BBE13FA1-7766-4892-B0AE-0042ECB8E862}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{6DD0B613-C64A-45A5-BBF7-73FC4D276B07}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{73D645F1-3FC3-410A-BA9A-EEDA9C5185D0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7596401D-B785-4D63-A413-3EA899122CA5}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{E74762A1-2877-44F0-B633-56B80EE123FA}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3A071ECC-FF9C-4EEA-AACA-2ECD250B8142}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D6B286E3-0576-4798-8C98-2D02E2A26D85}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{49AB3D65-4918-4F57-A491-3E0FDED0C461}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C62E6631-EB14-4B8D-8D45-399D6773CABE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{90765256-D1BF-4A9B-9218-80BA7E424AE5}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4215AD61-D9CA-49A9-95E3-0ECF40681F04}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C79CC51E-7BED-4CD1-8EC5-71C0318EDD3B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F77A840F-DFDF-4305-82A7-9EF38DE9BD06}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6F4C19AA-0F11-499C-9876-EF8F730D37CA}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{B2EE7BEB-4525-4C35-B955-11D02B90C609}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{CBB87BA2-8F52-430A-B87E-274631BAFD50}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{46A5D09E-9D2F-4031-8C84-B49E0C5230BC}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{C0041A1C-FA76-4D09-A6EE-568E0ACCF779}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AD1269FC-3465-4EC1-A727-61E1A36ED5F2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{51A2B900-4E7E-47B4-89CC-DFEE3EBB5363}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{9400B6AC-0FCB-4692-B29F-934AEC71BEF1}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E996BDF4-C659-41C5-82A0-32CD6C9DEB65}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{73C6E741-C08B-4D77-B34D-F6F7967B8C3E}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{D9D820CB-6044-4EE0-89B3-BD04DBBFF61F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1772E8C0-B088-47D6-9BD7-FDA82C46297D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DAD290C8-DDCA-416C-B109-A8A8FC58F6C0}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{4E78B5DA-51CE-43E8-A9C5-D93343401337}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F0D2E72E-5DB7-4590-A5EF-F585236136CE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1ED4D5F1-2E7F-4706-91F4-245DBBCA6B7A}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{E2D9A3DD-C3F6-454B-B9CB-30FD17889736}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{CF60C095-82D3-42F5-AA73-5AB4C00AFD5E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B6D277E1-88FC-4821-B279-B18B8FDFB847}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{81D15BCF-389C-4D09-B610-7D21181E07C3}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1EA5FECD-9B5F-458D-A159-CFDBC23C3AE0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{83E73809-35A9-4BFD-A936-8581321F9A79}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{351C9EEC-EF5F-47F3-A6F9-21EB2CE4D9B9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4D910281-5AFF-47AF-9019-73ACC023D98B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{82ECFB92-0081-45D8-855E-C532031C0518}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{39EEDB19-E28D-44FE-9ACC-989EBCB44379}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F845B130-6E8D-4709-B987-01D9DA19527D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9054F194-F2DC-413C-8E9F-7FFCDA8C0BFE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BD7D0253-52B7-4FA8-BE3D-9AD15776A830}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3F6DD74B-FF2B-4BAF-AAB2-56EB1F317BEC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4A8DDDEB-0654-464D-BA9F-DEF5CED0012E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2639CE7A-EF67-4122-80B0-25AFA3C75D01}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{43BFBA65-8858-4318-83A6-C07537293D40}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BD4781EC-B8B8-4741-94A4-DA8F2D7FB58C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3D85A0A1-E804-431A-8A06-BD34D57E6C04}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4A22D0B8-CCC9-4FDC-A3C7-E71B03BEE11B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9D373543-A70E-4B91-926F-269592E125EE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4AA47699-A738-4D36-9C50-F77DFBB3521E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EEF69078-44F8-4B31-A918-E58DE5105645}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{66092A96-E3E6-480C-8885-E521E5380258}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{22F445C4-8275-418E-BA01-466FDBA22CAF}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{60FE2694-CD48-478B-A60C-A39ED7D45A4E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2876F17D-602F-4A30-B77A-F314E183EE70}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{38D3B061-1C31-454B-BD4C-FE0C65E0F7BC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AA554061-4D19-4777-9AEB-2C064633818A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B06D91B3-0043-4AFE-B45F-4C53DB08F31D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{259BCCA3-0BBD-4362-BC58-7ECD17D63275}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{547F35AC-8057-40FE-8903-702AD3FC1319}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{30D164AA-19EE-4FB1-A0C6-D224B13AA5FD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E964A824-0B2F-4C64-8CF2-17EB7B7F0C0B}] => (Allow) C:\Windows\SysWOW64\svchost.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2018 08:21:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1395, time stamp: 0x5a8f398e
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000142
Fault offset: 0x0009d4e2
Faulting process id: 0x111c
Faulting application start time: 0x01d4043eba5c9d30
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: KERNELBASE.dll
Report Id: fb2c833c-7031-11e8-829f-40e230b427de
Faulting package full name:
Faulting package-relative application ID:

Error: (06/14/2018 08:05:11 PM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/14/2018 08:32:33 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/13/2018 10:15:47 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnPowerEvent(Object sender, PowerBroadcastStatusEventArgs e)
   at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs)
   at Avira.OE.ServiceHost.WindowsService.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (06/13/2018 06:26:19 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/13/2018 06:18:34 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Garmin Express -- Error 1704. An installation for IC__iPackage is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (06/12/2018 10:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1395, time stamp: 0x5a8f398e
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000142
Fault offset: 0x0009d4e2
Faulting process id: 0x10b8
Faulting application start time: 0x01d402bcda0536e1
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: KERNELBASE.dll
Report Id: 1c316898-6eb0-11e8-829d-40e230b427de
Faulting package full name:
Faulting package-relative application ID:

Error: (06/12/2018 10:04:10 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (06/14/2018 08:40:00 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:12 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (06/14/2018 08:38:11 PM) (Source: DCOM) (EventID: 10005) (User: Owner)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Windows Defender:
===================================
Date: 2017-09-26 15:50:00.399
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-02-15 15:03:21.928
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-15 15:03:21.781
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-14 19:38:41.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-14 19:38:40.806
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-13 19:46:37.726
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-13 19:46:37.514
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-13 14:46:22.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-13 14:46:22.526
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume6\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 12%
Total physical RAM: 16327.22 MB
Available physical RAM: 14306.57 MB
Total Virtual: 32711.22 MB
Available Virtual: 30829.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:983.59 GB) (Free:849.97 GB) NTFS
Drive e: (STORAGE) (Fixed) (Total:3725.9 GB) (Free:3288.53 GB) NTFS

\\?\Volume{6475d86c-e0ac-4f87-9a5a-10c18bbb2f59}\ (DATA) (Fixed) (Total:878.91 GB) (Free:877.57 GB) NTFS
\\?\Volume{4773420a-2995-4c54-bef7-6ca1f2f3ea26}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{cf542912-163b-498d-a983-6c310cd9b797}\ () (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 6AEB8100)

Partition: GPT.

==================== End of Addition.txt ============================



#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 14 June 2018 - 10:12 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

  • Highlight the entire content of the quote box below.

Start::  

C:\Program Files (x86)\YdRUEUXIq.exe
FirewallRules: [{9D71AF31-2C0C-4227-AB36-21BAF392FE55}] => (Allow) LPort=54925
FirewallRules: [{B0B4E259-F5DE-445D-A098-C4A3F9BC3C92}] => (Allow) LPort=50248
FirewallRules: [{922A0C84-8349-43F0-A31F-A9B06557801B}] => (Allow) LPort=50248
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [0 2018-05-17] () <==== ATTENTION (zero byte File/Folder)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [0 2018-05-24] () <==== ATTENTION (zero byte File/Folder)
Task: {250982DD-DFA3-4614-8FCC-1957BBAE5FF1} - System32\Tasks\{C8263472-0D06-4FD8-5712-025D5FC3F275} => C:\Program Files (x86)\YdRUEUXIq.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Felix\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CustomCLSID: HKU\S-1-5-21-1497577798-250006343-43434190-1008_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Felix\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
FirewallRules: [{C4080B4C-05CC-467B-A278-A8467215E916}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{E2D68C3D-ED54-4625-A9ED-E1CDB90923EB}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{63F94FE7-58F3-4133-86E5-1448255064DE}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{D5C0FDDE-0C37-4988-8797-8CB799E50F54}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{387FFAF0-2DDB-4677-B0FD-9C047198374C}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{B63DDDAB-9525-4894-AD6E-EEFA6C5B6A21}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{685A1998-D03F-4EE7-8986-383FB0B53CD1}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{3A8D2D94-53D8-468E-8DEF-1A1998482BC8}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{5E5FC885-600B-43E9-9F24-55E9D41C8FB4}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{BBE13FA1-7766-4892-B0AE-0042ECB8E862}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{7596401D-B785-4D63-A413-3EA899122CA5}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{D6B286E3-0576-4798-8C98-2D02E2A26D85}] => (Allow) C:\Users\Felix\AppData\Local\CamStudio 2.7\msiexec64.exe
FirewallRules: [{6F4C19AA-0F11-499C-9876-EF8F730D37CA}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{46A5D09E-9D2F-4031-8C84-B49E0C5230BC}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{51A2B900-4E7E-47B4-89CC-DFEE3EBB5363}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{73C6E741-C08B-4D77-B34D-F6F7967B8C3E}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{DAD290C8-DDCA-416C-B109-A8A8FC58F6C0}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{1ED4D5F1-2E7F-4706-91F4-245DBBCA6B7A}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
FirewallRules: [{B6D277E1-88FC-4821-B279-B18B8FDFB847}] => (Allow) C:\Users\Felix\AppData\Local\DiskManagement\msiexec64.exe
C:\Users\Felix\AppData\Local\CamStudio 2.7
C:\Users\Felix\AppData\Local\DiskManagement
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 14 June 2018 - 10:14 PM

Closing duplicate.

