I think I have been infected. Stdrt.exe seems problematic


11 replies to this topic

#1 Vasilis_S

Posted Yesterday, 04:22 PM

Hello

I noticed some strange behavior on my system.

First, Windows started to report that I don't have an antivirus and that I should turn on the firewall. I have Kaspersky Total Security and I think Kaspersky uses its own firewall.

I installed the newest version of Kaspersky but I still think something is wrong. When I install the newest version of Kaspersky, I do it from the admin account. After finalizing setup I logged off and connected to my usual standard account. After logging on, Windows asked me to restart the computer to finalize setup ... it does not look right ... why didn't it ask me in the admin account for a restart?

Something is wrong, I think, with stdrt.exe .... it communicates with the "internet" and I don't think that is normal.

Anyway, I will appreciate it if you help me and check my system.

Thank you in advance in any case.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by PC1_A (administrator) on PC1 (19-10-2018 00:08:22)
Running from D:\0_DOK\_Bleeping
Loaded Profiles: PC1_A & Vasilis (Available Profiles: PC1_A & Nikol & Vasilis & Rafaela)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
( ) C:\Windows\Temp\mrt3E66.tmp\stdrt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(Dulux Australia) C:\Program Files\Dulux Australia\Dulux Colour Atlas\Maintenance\Dulux.Maintenance.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe
(ITSamples.com) C:\_PRT_Startup\Network Activity Indicator 1.7\NetworkIndicator.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [676280 2014-01-14] (SafeNet, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\ScCertProp: 
Winlogon\Notify\ScCertProp: 
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\...\Run: [NetworkIndicator] => C:\_PRT_Startup\Network Activity Indicator 1.6\NetworkIndicator.exe
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\...\MountPoints2: {48c87eea-4599-11e8-8d02-6cf049ed859e} - I:\Setup.exe
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe"
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\...\Run: [NetworkIndicator] => C:\_PRT_Startup\Network Activity Indicator 1.7\NetworkIndicator.exe [367616 2014-12-12] (ITSamples.com)
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\...\Policies\Explorer: [] 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-05-30]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
GroupPolicyUsers\S-1-5-21-2928681103-1180902673-3709917691-1003\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85D27306-6DCF-4039-B5D1-6309C19697D8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/el-gr/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-06] (Oracle Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-10-18] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-10-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-10-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-10-18] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2018-05-30] (Intuit, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\PC1_A\AppData\Roaming\Mozilla\Firefox\Profiles\j532ie0v.default [2018-10-18]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-10-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://app.asana.com/app/asana/-/login"
CHR Profile: C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default [2018-10-18]
CHR Extension: (Google Translate) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-21]
CHR Extension: (Slides) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2018-04-21]
CHR Extension: (Kaspersky Protection) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-10-18]
CHR Extension: (Docs) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
CHR Extension: (Google Drive) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
CHR Extension: (MEGA) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-10-18]
CHR Extension: (Official Quora Chrome Extension) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgpiknoghkmnhcneegdaknfckbkphhd [2018-10-13]
CHR Extension: (YouTube) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
CHR Extension: (Adblock Plus) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-13]
CHR Extension: (Viber) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafalpmmoljglecaoelijmbkhpdoobmm [2018-07-09]
CHR Extension: (VTchromizer) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-21]
CHR Extension: (Sheets) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-21]
CHR Extension: (CircuitLab) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\haghanbgfkfpmepoohpigmglbfejljoj [2018-04-21]
CHR Extension: (Gantter Project Management) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2018-05-12]
CHR Extension: (WhatFont) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2018-08-11]
CHR Extension: (Disconnect) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2018-04-21]
CHR Extension: (Chrono Download Manager) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2018-07-12]
CHR Extension: (HUMAN 3.0) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2018-04-21]
CHR Extension: (Project Naptha) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2018-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
CHR Extension: (chromeIPass) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2018-04-21]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2018-04-21]
CHR Extension: (Gmail) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\PC1_A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-18]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [911314 2018-05-30] ( ) [File not signed] <==== ATTENTION
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-23] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-18] (Dropbox, Inc.)
R2 Dulux Maintenance; C:\Program Files\Dulux Australia\Dulux Colour Atlas\Maintenance\Dulux.Maintenance.exe [14336 2016-10-04] (Dulux Australia) [File not signed]
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [416560 2018-10-18] (AO Kaspersky Lab)
S3 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-01-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-01-10] (Intuit Inc.) [File not signed]
R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [11192 2014-01-14] (SafeNet, Inc.)
R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 klvssbridge64_18.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-09-04] (Bluestack System Inc. )
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-18] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123144 2018-10-18] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [89168 2018-10-18] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [219232 2018-10-18] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [1214752 2018-10-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1129056 2018-10-18] (AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [58056 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81632 2017-11-07] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [161592 2018-07-20] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-19 00:08 - 2018-10-19 00:08 - 000000105 _____ C:\Windows\SysWOW64\get.dat
2018-10-19 00:04 - 2018-10-19 00:08 - 000000000 ____D C:\FRST
2018-10-18 23:12 - 2018-10-18 23:12 - 000000178 _____ C:\Windows\SysWOW64\key.dat
2018-10-18 22:44 - 2018-10-18 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-18 22:19 - 2018-10-18 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-10-18 22:17 - 2018-10-18 22:23 - 001129056 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-10-18 22:17 - 2018-10-18 22:23 - 000219232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-10-18 14:29 - 2018-10-18 14:29 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-10-18 14:29 - 2018-10-18 14:29 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-10-18 14:29 - 2018-10-18 14:29 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-10-18 14:29 - 2018-10-18 14:29 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-10-17 00:21 - 2015-07-09 20:58 - 001632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-10-17 00:21 - 2015-07-09 20:58 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2018-10-17 00:21 - 2015-07-09 20:42 - 001372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-10-17 00:21 - 2015-07-09 20:42 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2018-10-17 00:06 - 2011-03-11 09:41 - 000410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2018-10-17 00:06 - 2011-03-11 09:41 - 000189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-10-17 00:06 - 2011-03-11 09:41 - 000166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2018-10-17 00:06 - 2011-03-11 09:41 - 000148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2018-10-17 00:06 - 2011-03-11 09:41 - 000107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2018-10-17 00:06 - 2011-03-11 09:41 - 000027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2018-10-17 00:06 - 2011-03-11 09:33 - 002565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2018-10-17 00:06 - 2011-03-11 09:30 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2018-10-17 00:06 - 2011-03-11 08:33 - 001699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2018-10-17 00:06 - 2011-03-11 08:31 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2018-10-15 10:52 - 2018-10-15 10:52 - 000091664 _____ C:\Users\Vasilis\Downloads\note_017011184_9015_201806_v6.pdf
2018-10-15 10:52 - 2018-10-15 10:52 - 000089979 _____ C:\Users\Vasilis\Downloads\note_017011184_9015_201808_v3.pdf
2018-10-15 10:52 - 2018-10-15 10:52 - 000089979 _____ C:\Users\Vasilis\Downloads\note_017011184_9015_201807_v2.pdf
2018-10-15 10:52 - 2018-10-15 10:52 - 000080035 _____ C:\Users\Vasilis\Downloads\note_017011184_9015 - maios.pdf
2018-10-11 23:01 - 2018-10-11 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-10-11 23:01 - 2018-10-11 23:01 - 000000000 ____D C:\Program Files\qBittorrent
2018-10-10 19:14 - 2018-10-10 19:14 - 000002210 _____ C:\Users\Vasilis\Desktop\Office Lens.lnk
2018-10-10 12:27 - 2018-09-18 08:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-10 12:26 - 2018-09-19 11:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 12:26 - 2018-09-18 22:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-10 12:26 - 2018-09-18 21:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 12:26 - 2018-09-18 08:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-10 12:26 - 2018-09-18 08:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 12:26 - 2018-09-18 08:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-10 12:26 - 2018-09-18 08:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-10 12:26 - 2018-09-18 08:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-10 12:26 - 2018-09-18 08:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-10 12:26 - 2018-09-18 08:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-10 12:26 - 2018-09-18 08:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-10 12:26 - 2018-09-18 08:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-10 12:26 - 2018-09-18 08:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-10 12:26 - 2018-09-18 08:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-10 12:26 - 2018-09-18 08:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-10 12:26 - 2018-09-18 08:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-10 12:26 - 2018-09-18 08:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-10 12:26 - 2018-09-18 08:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-10 12:26 - 2018-09-18 08:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-10 12:26 - 2018-09-18 08:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 12:26 - 2018-09-18 08:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-10 12:26 - 2018-09-18 08:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 12:26 - 2018-09-18 08:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-10 12:26 - 2018-09-18 08:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-10 12:26 - 2018-09-18 07:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-10 12:26 - 2018-09-18 07:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-10 12:26 - 2018-09-18 07:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-10 12:26 - 2018-09-18 07:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-10 12:26 - 2018-09-18 07:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-10 12:26 - 2018-09-18 07:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-10 12:26 - 2018-09-18 07:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-10 12:26 - 2018-09-18 07:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-10 12:26 - 2018-09-18 07:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-10 12:26 - 2018-09-18 07:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-10 12:26 - 2018-09-18 07:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-10 12:26 - 2018-09-18 07:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 12:26 - 2018-09-18 07:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-10 12:26 - 2018-09-18 07:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-10 12:26 - 2018-09-18 07:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-10 12:26 - 2018-09-18 07:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-10 12:26 - 2018-09-18 07:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-10 12:26 - 2018-09-18 07:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-10 12:26 - 2018-09-18 07:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-10 12:26 - 2018-09-18 07:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 12:26 - 2018-09-18 07:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-10 12:26 - 2018-09-18 07:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-10 12:26 - 2018-09-18 07:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-10 12:26 - 2018-09-18 07:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-10 12:26 - 2018-09-18 07:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-10 12:26 - 2018-09-18 07:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 12:26 - 2018-09-18 07:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-10 12:26 - 2018-09-18 07:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-10 12:26 - 2018-09-18 07:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-10 12:26 - 2018-09-18 07:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-10 12:26 - 2018-09-18 07:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-10 12:26 - 2018-09-18 07:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-10 12:26 - 2018-09-18 06:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-10 12:26 - 2018-09-18 06:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-10 12:26 - 2018-09-18 06:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 12:26 - 2018-09-18 06:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-10 12:26 - 2018-09-18 06:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-10 12:26 - 2018-09-18 06:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-10 12:26 - 2018-09-18 06:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-10 12:26 - 2018-09-18 06:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-10 12:26 - 2018-09-18 06:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-10 12:26 - 2018-09-18 06:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 12:26 - 2018-09-18 06:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 12:26 - 2018-09-18 06:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-10 12:26 - 2018-09-11 21:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-10 12:26 - 2018-09-11 21:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-10 12:26 - 2018-09-11 21:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-10 12:26 - 2018-09-09 04:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-10 12:26 - 2018-09-09 04:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-10 12:26 - 2018-09-09 04:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-10 12:26 - 2018-09-09 04:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-10 12:26 - 2018-09-09 04:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-10 12:26 - 2018-09-09 04:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-10 12:26 - 2018-09-09 04:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-10 12:26 - 2018-09-09 04:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-10 12:26 - 2018-09-09 04:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-10 12:26 - 2018-09-09 04:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-10 12:26 - 2018-09-09 03:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-10 12:26 - 2018-09-09 03:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-10 12:26 - 2018-09-09 03:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-10 12:26 - 2018-09-09 03:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-10 12:26 - 2018-09-09 03:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-10 12:26 - 2018-09-09 03:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 12:26 - 2018-09-09 03:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-10 12:26 - 2018-09-09 03:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-10 12:26 - 2018-09-09 03:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 12:26 - 2018-09-09 03:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-10 12:26 - 2018-09-09 03:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-10 12:26 - 2018-09-09 03:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-10 12:26 - 2018-09-09 03:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-10 12:26 - 2018-09-09 03:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-10 12:26 - 2018-09-09 03:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-10 12:26 - 2018-09-09 03:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-10 12:26 - 2018-09-09 03:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-10 12:26 - 2018-09-09 03:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-10 12:26 - 2018-09-09 03:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-10 12:26 - 2018-09-09 03:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-10 12:26 - 2018-09-09 03:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-10 12:26 - 2018-09-09 03:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-10 12:26 - 2018-09-09 03:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-10 12:26 - 2018-09-09 03:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-10 12:26 - 2018-09-09 03:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-10 12:26 - 2018-09-09 03:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 12:26 - 2018-09-09 03:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 12:26 - 2018-08-28 09:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-10 12:26 - 2018-08-28 09:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-10 12:26 - 2018-08-28 09:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-10 12:26 - 2018-08-28 09:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-10 12:26 - 2018-08-28 09:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-10 12:26 - 2018-08-28 09:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-10 12:26 - 2018-08-28 09:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 12:26 - 2018-08-28 08:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-10 12:26 - 2018-08-28 08:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-10 12:26 - 2018-08-28 08:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-10 12:26 - 2018-08-16 05:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-10 12:26 - 2018-08-14 00:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-10 12:26 - 2018-08-13 18:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-10 12:26 - 2018-08-12 23:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-10 12:26 - 2018-08-12 23:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-10 12:26 - 2018-08-08 18:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-10 12:26 - 2018-08-08 18:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-10 12:26 - 2018-08-08 18:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-10 12:26 - 2018-08-08 18:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-10-09 11:42 - 2018-10-09 11:42 - 000066126 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 439049089.pdf
2018-10-09 11:41 - 2018-10-09 11:41 - 000070000 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 503246931.pdf
2018-10-09 11:41 - 2018-10-09 11:41 - 000068618 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 677123364.pdf
2018-10-09 11:41 - 2018-10-09 11:41 - 000064569 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 677479076.pdf
2018-10-09 11:39 - 2018-10-09 11:39 - 000068808 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 28624641.pdf
2018-10-09 11:39 - 2018-10-09 11:39 - 000066327 _____ C:\Users\Vasilis\Desktop\ΟΑΕΔ eServices IIS - Γ - 677072311.pdf
2018-10-04 10:17 - 2018-10-04 10:17 - 000584913 _____ C:\Users\Vasilis\Desktop\ΣΜΥΡΟΓΛΟΥ ΒΑΣΙΛΕΙΟΣ-04102018101005.pdf
2018-10-01 11:56 - 2018-10-04 20:20 - 000000000 ____D C:\Users\PC1_A\AppData\LocalLow\Adobe
2018-10-01 08:59 - 2018-10-04 15:12 - 000000000 ____D C:\Users\Vasilis\Documents\_KP
2018-10-01 08:53 - 2018-10-01 08:53 - 000000568 _____ C:\Users\PC1_A\Documents\Ω_ΕΝΕΡΓΕΙΑΚΕΣ ΕΠΙΘΕΩΡΗΣΕΙΣ.lnk
2018-10-01 08:53 - 2018-10-01 08:53 - 000000483 _____ C:\Users\PC1_A\Documents\Ω_ΕΓΓΡΑΦΑ.lnk
2018-09-24 21:01 - 2018-09-24 21:01 - 000003500 _____ C:\Windows\System32\Tasks\BlueStacksHelper
2018-09-24 20:55 - 2018-09-24 20:55 - 000001849 _____ C:\Users\PC1_A\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-09-24 20:54 - 2018-09-24 20:55 - 000000000 ____D C:\ProgramData\BlueStacks
2018-09-24 20:54 - 2018-09-24 20:54 - 000000000 ____D C:\Users\PC1_A\AppData\Local\NVIDIA
2018-09-24 20:54 - 2018-09-24 20:54 - 000000000 ____D C:\Users\PC1_A\AppData\Local\Bluestacks
2018-09-24 20:54 - 2018-09-24 20:54 - 000000000 ____D C:\Program Files\BlueStacks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-19 00:07 - 2018-04-23 18:30 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-10-19 00:02 - 2018-04-23 18:28 - 000000000 ____D C:\Users\Vasilis\AppData\Roaming\KeePass
2018-10-18 23:52 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 23:52 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2018-10-18 23:43 - 2018-04-24 10:29 - 000007607 _____ C:\Users\PC1_A\AppData\Local\Resmon.ResmonCfg
2018-10-18 23:41 - 2018-04-21 21:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-10-18 22:50 - 2009-07-14 07:45 - 000021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-18 22:50 - 2009-07-14 07:45 - 000021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-18 22:45 - 2018-05-21 19:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-18 22:45 - 2018-04-23 18:30 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-10-18 22:44 - 2018-04-23 18:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-18 22:41 - 2009-07-14 08:08 - 000000368 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-18 22:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-18 22:23 - 2018-07-20 12:13 - 000089168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2018-10-18 22:23 - 2018-02-02 03:45 - 000123144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-10-18 22:23 - 2017-12-27 10:10 - 000073416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys
2018-10-18 22:21 - 2018-04-21 21:16 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-10-18 22:21 - 2018-04-21 21:16 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-18 22:20 - 2018-04-21 21:00 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-10-18 22:19 - 2018-04-21 21:16 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-10-18 21:39 - 2018-04-21 23:38 - 000000000 ____D C:\ProgramData\RevitInterProcess
2018-10-18 12:28 - 2018-04-21 21:15 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-10-18 12:28 - 2017-12-25 00:12 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-10-18 10:47 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
2018-10-17 20:28 - 2018-04-26 09:35 - 000000000 ____D C:\Users\Vasilis\AppData\LocalLow\Mozilla
2018-10-17 19:45 - 2018-09-01 20:18 - 000000000 ____D C:\Users\Vasilis\Desktop\Beard
2018-10-17 00:21 - 2011-04-12 11:28 - 000000000 ____D C:\Windows\ShellNew
2018-10-16 23:52 - 2018-04-21 22:02 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-16 00:48 - 2010-11-21 06:27 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-13 20:42 - 2018-05-30 11:56 - 000000000 ____D C:\Users\Vasilis\AppData\Local\CrashDumps
2018-10-13 20:31 - 2018-08-01 09:08 - 000000000 ____D C:\Windows\Minidump
2018-10-13 20:26 - 2018-05-21 20:14 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2018-10-13 16:15 - 2018-05-30 10:27 - 000000000 ____D C:\Users\Vasilis\AppData\Roaming\qBittorrent
2018-10-12 11:48 - 2018-04-23 00:29 - 000000000 ____D C:\.pagefile
2018-10-10 21:22 - 2018-09-05 12:42 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-10 18:45 - 2018-04-21 17:48 - 000000000 ____D C:\Users\PC1_A
2018-10-10 15:26 - 2009-07-14 07:45 - 000461336 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 15:24 - 2018-04-21 18:52 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 15:22 - 2018-04-21 18:52 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-08 08:33 - 2018-05-04 15:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-08 08:33 - 2018-04-23 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-05 14:20 - 2018-09-05 12:45 - 000000000 ____D C:\Users\Vasilis\AppData\LocalLow\Adobe
2018-10-04 20:59 - 2018-04-25 00:38 - 000000000 ____D C:\ProgramData\art-cad
2018-10-01 11:56 - 2018-09-05 12:41 - 000000000 ____D C:\Users\PC1_A\AppData\Local\Adobe
2018-10-01 11:56 - 2018-04-21 18:14 - 000000000 ____D C:\Users\PC1_A\AppData\Roaming\Adobe
2018-10-01 10:29 - 2018-04-24 11:41 - 000000000 ____D C:\Users\Vasilis\Documents\_Οικογενειακά
2018-09-25 10:41 - 2018-05-05 22:10 - 000000000 ____D C:\Users\Vasilis\.VirtualBox
2018-09-21 08:59 - 2018-09-05 12:43 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 09:02 - 2018-04-23 18:30 - 000003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-20 09:02 - 2018-04-23 18:30 - 000003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-20 08:54 - 2018-07-12 13:53 - 000000000 ____D C:\Users\PC1_A\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2018-04-24 10:29 - 2018-10-18 23:43 - 000007607 _____ () C:\Users\PC1_A\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-10-15 11:12
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by PC1_A (19-10-2018 00:08:39)
Running from D:\0_DOK\_Bleeping
Windows 7 Professional Service Pack 1 (X64) (2018-04-21 14:48:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2928681103-1180902673-3709917691-500 - Administrator - Disabled)
Guest (S-1-5-21-2928681103-1180902673-3709917691-501 - Limited - Disabled)
Nikol (S-1-5-21-2928681103-1180902673-3709917691-1001 - Limited - Enabled) => C:\Users\Nikol
PC1_A (S-1-5-21-2928681103-1180902673-3709917691-1000 - Administrator - Enabled) => C:\Users\PC1_A
Rafaela (S-1-5-21-2928681103-1180902673-3709917691-1003 - Limited - Enabled) => C:\Users\Rafaela
Vasilis (S-1-5-21-2928681103-1180902673-3709917691-1002 - Limited - Enabled) => C:\Users\Vasilis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@netCD (HKLM-x32\...\{031A37F8-687E-4FAE-8908-C25362345B76}) (Version: 3.02.000 - Domiki)
@netCD (HKLM-x32\...\{B6D8948C-4E92-40E1-AE37-F09AFB425FDF}) (Version: 3.02.000 - Domiki) Hidden
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Align (HKLM-x32\...\{9BF21D06-D1E2-4CBA-BA71-C9179B28D692}) (Version: 1.4.0 - BIM 42)
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.7 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 VBA Enabler (HKLM\...\{9104FC85-09D6-424D-01A8-C6A3C2DF8C2F}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Language Shared - English (HKLM\...\{28B89EEF-0004-0409-4102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Shared (HKLM\...\{28B89EEF-0004-0000-4102-CF3F3A09B77D}) (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Civil 3D Matterhorn Private Pack (HKLM\...\{28B89EEF-0000-0000-3102-CF3F3A09B77D}) (Version: 11.0.659.0 - Autodesk) Hidden
AutoCAD Raster Design 2017 (HKLM\...\{28B89EEF-0031-0409-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\{AA384BE4-1707-0010-0000-97E7D7D00B17}) (Version: 17.0.1150.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\Autodesk A360 Collaboration for Revit 2017) (Version: 17.0.1150.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk AutoCAD 2017 Hotfix 2 (HKLM\...\AutoCAD 2017 Hotfix 2) (Version: 21.0.52.7 - Autodesk)
Autodesk AutoCAD 2017 Hotfix 3 (HKLM\...\AutoCAD 2017 Hotfix 3) (Version: 21.0.52.9 - Autodesk)
Autodesk AutoCAD 2017 VBA Enabler (HKLM\...\AutoCAD 2017 VBA Enabler) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Civil 3D 2017 - English (HKLM\...\{28B89EEF-0000-0409-2102-CF3F3A09B77D}) (Version: 11.0.659.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2017 - English (HKLM\...\Autodesk AutoCAD Civil 3D 2017 - English) (Version: 11.0.659.0 - Autodesk)
Autodesk AutoCAD Civil 3D 2017 (HKLM\...\{28B89EEF-0000-0000-0102-CF3F3A09B77D}) (Version: 11.0.771.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2017 64 Bit Object Enabler on Revit 2017 - Language Neutral (HKLM\...\{8905E594-6C60-455F-AD61-5CEBC24D9C95}) (Version: 659.0 - Autodesk, Inc.)
Autodesk AutoCAD Civil 3D 2017 Language Pack - English (HKLM\...\{28B89EEF-0000-0409-1102-CF3F3A09B77D}) (Version: 11.0.659.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2017 SP1 (HKLM\...\Autodesk AutoCAD Civil 3D 2017 SP1) (Version: 11.0.763.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2017 SP1.1 (HKLM\...\Autodesk AutoCAD Civil 3D 2017 SP1.1) (Version: 11.0.771.0 - Autodesk)
Autodesk AutoCAD Map 3D 2017 (HKLM\...\{28B89EEF-0002-0000-0102-CF3F3A09B77D}) (Version: 20.0.009.5 - Autodesk) Hidden
Autodesk AutoCAD Map 3D 2017 Language Pack - English (HKLM\...\{28B89EEF-0002-0409-1102-CF3F3A09B77D}) (Version: 20.0.009.5 - Autodesk) Hidden
Autodesk AutoCAD Raster Design 2017 (HKLM\...\AutoCAD Raster Design 2017) (Version: 21.0.52.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk BIM 360 Revit 2017 Add-in 64 bit (HKLM\...\{A26EBAD5-9591-407F-9D6C-C7A4F3DFE506}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2017 (HKLM-x32\...\{360AC116-6CD4-4E7D-8174-28D47B05E898}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Autodesk Revit 2017) (Version: 17.0.1150.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Revit 2017) (Version:  - )
Autodesk Revit 2017.2.3 (HKLM\...\Autodesk Revit 2017 SP8) (Version: 17.0.1150.0 - Autodesk)
Autodesk Revit 2017.2.3 Update (HKLM-x32\...\{09423ccd-2db5-42b4-a92f-2a99c8009418}) (Version: 17.0.1150.0 - Autodesk) Hidden
Autodesk Revit Content Libraries 2017 (HKLM\...\Autodesk Revit Content Libraries 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit Content Libraries 2017 (HKLM\...\Revit Content Libraries 2017) (Version:  - )
Autodesk Revit MEP Metric Content v2.0 (HKLM\...\{DEF775C7-84BF-4730-976A-FE3747F1757C}) (Version: 2.0 - Autodesk)
Autodesk Revit Site Designer Extension 2017 (HKLM\...\{48F4AD4C-1702-0010-0000-0A7B3B0A5D16}) (Version: 17.0.1057.0 - Autodesk) Hidden
Autodesk Revit Site Designer Extension 2017 (HKLM\...\Autodesk Revit Site Designer Extension 2017) (Version: 17.0.1057.0 - Autodesk)
Autodesk Subassembly Composer on Autodesk AutoCAD Civil 3D 2017 - English - English (United States) (HKLM\...\{A599D6A6-0C55-4007-A023-C6B964A42965}) (Version: 659.0 - Autodesk, Inc.)
Autodesk Vehicle Tracking 2017 (64 bit) Core (HKLM\...\{B2577305-1C65-4F0E-AC2C-428D2FEAAB0D}) (Version: 7.5.1705.0 - Autodesk, Inc.) Hidden
Autodesk Workflows 2017 (HKLM\...\{23A13F78-5B67-441A-ABF9-48BE8B5455DB}) (Version: 15.11.13.0 - Autodesk, Inc.)
AutoKENAK 2017 (HKLM\...\{4F9D0CC9-DF1B-4955-ABD8-FD01B6B2B242}) (Version: 21.00.0010 - ART Ltd) Hidden
AutoKENAK 2017 (HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\...\InstallShield_{4F9D0CC9-DF1B-4955-ABD8-FD01B6B2B242}) (Version: 21.00.0010 - ART Ltd)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.30.50.1690 - BlueStack Systems, Inc.)
Bullzip PDF Printer 11.6.0.2714 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.6.0.2714 - Bullzip)
COINS Auto-Section Box for Revit 2016-2019 (HKLM-x32\...\{7C1170F5-5E1E-4C71-AB69-D1F1106DE234}) (Version: 6.0.0.0 - COINS)
COORD_GR (C:\Program Files (x86)\COORD_GR\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
COORD_GR (HKLM-x32\...\ST6UNST #1) (Version:  - )
DelSurvey Professional  (HKLM-x32\...\DelSurvey Professional Έκδοση v.5.1 - 14.11.2016) (Version:  - )
DelSurveyCad για Autocad 2017 (HKLM-x32\...\DelSurveyCad για Autocad 2017Έκδοση v 5.1 - 14.11.2016) (Version:  - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.11 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 60.3.101 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.143.1 - Dropbox, Inc.) Hidden
Dulux Colour Atlas (HKLM\...\{B6600D48-DA68-4B6E-92B7-DA4CFDDB68AC}) (Version: 2.4.0.0 - Dulux Australia)
Dynamo 0.9.1 (HKLM\...\{85626FB3-CAF9-49C1-AA28-E3C75164BD6F}) (Version: 0.9.1.4062 - Autodesk)
Dynamo Core 1.2.1 (HKLM\...\{2FA28FE4-7658-4A1D-B6D1-3507557D3AD6}) (Version: 1.2.1.3083 - Dynamo)
Dynamo Core 2.0.0 (HKLM\...\{EC46291D-E522-464C-96BF-DDBFD281B2B7}) (Version: 2.0.0.4654 - Dynamo)
Dynamo Revit 1.2.1 (HKLM\...\{CC94D6D2-E658-4D7F-A3D2-D2C3C2D8F0FC}) (Version: 1.2.1.3083 - Dynamo)
Dynamo Revit 2.0.0 (HKLM\...\{DDD14875-8A4A-46D2-BA9D-73480950B6F0}) (Version: 2.0.0.4655 - Dynamo)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FormIt 360 Converter For Revit 2017 (HKLM\...\{637211B6-D2E9-474A-BF06-4F61F1254104}) (Version: 1.9.0.0 - Autodesk)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HashTab 6.0.0.34 (HKLM\...\HashTab) (Version: 6.0.0.34 - Implbits Software)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NVIDIA Graphics Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.11 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oracle VM VirtualBox 5.2.16 (HKLM\...\{9BDE6621-5201-47E9-8394-FF44CBD66A1E}) (Version: 5.2.16 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.8 - Tracker Software Products Ltd)
Personal Accelerator for Revit (HKLM\...\{7C317DB0-F399-4024-A289-92CF4B6FB256}) (Version: 16.0.1205.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1205.0 - Autodesk)
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
QGIS 3.0.3 'Girona' (HKLM\...\QGIS 3.0) (Version: 3.0.3 - QGIS Development Team)
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2012 (HKLM-x32\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4016.2206 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Revit 2017 (HKLM\...\{7346B4A0-1700-0510-0000-705C0D862004}) (Version: 17.0.1150.0 - Autodesk) Hidden
Revit Content Libraries 2017 (HKLM\...\{941030D0-1700-0410-0000-818BB38A95FC}) (Version: 17.0.416.0 - Autodesk) Hidden
SafeNet Authentication Client 8.3 (HKLM\...\{648B71AE-68FC-45D4-B1A3-21BC86229A73}) (Version: 8.3.52.0 - SafeNet, Inc.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
StairDesigner 6.04 (HKLM-x32\...\StairDesigner 6) (Version: 6.4.0.1 - Boole & Partners)
TEE_KENAK_1.31.1.9 (HKLM-x32\...\{1D6898AA-8186-41AB-B66A-7EBA3EB63CEA}) (Version: 1.31.1.9 - Επωνυμία Επιχείρησης)
TEE_KENAK_1_29 (HKLM-x32\...\{AD32E753-C518-4678-9E40-164DA14F107D}) (Version: 1.29.1.19 - Επωνυμία Επιχείρησης)
TEE_KENAK_1_29 (HKLM-x32\...\{B4AE8FA2-8CD3-4394-8C4B-1E88E45155A3}) (Version: 1.29.1.19 - Επωνυμία Επιχείρησης)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
TRANSDAT (HKLM-x32\...\TRANSDAT_is1) (Version: floating - Killet Software Ing.-GbR (KilletSoft))
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0408-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Viber (HKLM-x32\...\{DD15B198-A4E2-4FE2-9039-C4931D248A6D}) (Version: 9.1.0.6 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\...\{d2bd1d7b-abd7-4d75-800a-485607f728d9}) (Version: 9.1.0.6 - Viber Media Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ΕΓΣΑ2Kml version 2.1 (HKLM-x32\...\{AEDD40CF-5BBA-4468-82D1-6BD0D8A7D1BA}_is1) (Version: 2.1 - dcad.gr)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-07-23] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-18] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> No File
ContextMenuHandlers4_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> No File
ContextMenuHandlers5_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C9CF391-1C39-4EA1-B2B0-821B5D02A407} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2928681103-1180902673-3709917691-1002
Task: {30AFC825-1853-4198-84D3-E6498FAE90BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-21] (Google Inc.)
Task: {46DA22A8-AB1D-4E4E-AEBA-A48D80240D0D} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {4E54B8CE-96D1-4B11-BD65-2D422B54235C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-23] (Dropbox, Inc.)
Task: {537B17E6-4449-4938-8736-5146B6ADCA97} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {56288DBB-5FAB-40BE-BB78-6C4E0178500A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-23] (Dropbox, Inc.)
Task: {633BBADF-2E36-4B90-9C09-FD400E54A78C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {81111885-86B0-40A8-82A8-CFED5EDF8EA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-21] (Google Inc.)
Task: {9B08039C-E938-4A55-BA16-38E30D0BE0CF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {ADC80A73-3EB3-4322-9427-EAB5678B8409} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-10-18] (AO Kaspersky Lab)
Task: {AF24A59A-B899-412C-BD33-A3B54032677E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F8DAE9BF-6616-45FE-A65A-19416AA25C62} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {FA3EC691-236B-4D62-9DEF-94268D94444C} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-06-26] (BlueStack Systems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-21 12:44 - 2015-04-21 12:44 - 000059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2018-09-18 08:34 - 2018-09-15 11:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 08:34 - 2018-09-15 11:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-07-23 03:14 - 2018-07-23 03:14 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-10-18 22:41 - 2018-10-18 22:41 - 000307200 _____ () C:\Windows\TEMP\mrt3E66.tmp\MMFS2.dll
2018-10-18 22:41 - 2018-10-18 22:41 - 000012800 _____ () C:\Windows\TEMP\mrt3E66.tmp\Get.mfx
2018-10-18 22:41 - 2018-10-18 22:41 - 000059392 _____ () C:\Windows\TEMP\mrt3E66.tmp\Yaso.mfx
2018-10-18 22:18 - 2018-10-18 22:18 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\kpcengine.2.3.dll
2018-10-18 22:43 - 2018-10-18 14:29 - 001140552 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-10-18 22:43 - 2018-10-18 14:29 - 002247496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-04-23 18:40 - 2018-10-18 14:33 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:29 - 000117720 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-04-23 18:40 - 2018-10-18 14:28 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:29 - 000418264 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-04-23 18:40 - 2018-10-18 14:28 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000118760 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000061280 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:28 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000064992 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-07-10 23:54 - 2018-10-18 14:33 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:28 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-04-23 18:40 - 2018-10-18 14:33 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:29 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-04-23 18:40 - 2018-10-18 14:33 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-04-23 18:40 - 2018-10-18 14:33 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-10-18 22:43 - 2018-10-18 14:32 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-23 18:40 - 2018-10-18 14:33 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-10-11 21:46 - 2018-10-18 14:33 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-08-29 20:57 - 2018-10-18 14:33 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2018-10-18 22:43 - 2018-10-18 14:32 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC1_A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Vasilis\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EIZO ScreenSlicer.lnk => C:\Windows\pss\EIZO ScreenSlicer.lnk.CommonStartup
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A32B955A-2005-4239-B876-C49578B763DC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{727D2CB6-3ABC-42FE-AE67-23298C381E64}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{AF91527E-98F1-4662-9931-76B25EB5F1EA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{5DE2F4DC-2966-4D82-9EF0-5BEBBFD7ABC9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{4DB80F4F-D965-4865-A46D-47750E3BB74B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1DA32D2A-3EB2-481D-B09A-4F3AEAFA5AD4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E18B05C0-9842-4C1D-836C-75B8FBF22E16}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D328E7E8-3D9E-4C3E-A662-A6425899E8F9}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4A9FB52F-9F68-4218-ADB3-6E38A0A2DC52}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E656ED6A-E847-48BA-AEC6-26C82807C697}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{FD548410-79A2-47DA-A471-8819878968F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{986EC329-B918-4F88-9657-1188170C419F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01D9B9F7-7D3D-4F45-8274-47EB1C6B5C10}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F0FD123A-4F7D-4D4F-B1E7-3C82E02B8480}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{4FFBA033-D5C9-4582-BE10-02E819600BE0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{1B230989-613D-4F99-B5A3-2AF33F73ECF2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E27D2AD2-C58F-4457-AE27-EADCD938DD4D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{35FCA050-A45E-4352-87DF-C98B70008541}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{6098859F-1AD4-47E9-B03F-1E1E0FCA1BF2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3EC9583F-CAE9-45E0-BFFE-2C8CA2F252E1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{265E376A-668C-4916-9EE6-49AB21F0C6C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EED11F19-EA39-4C07-9A58-1406FFC6E64A}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe
FirewallRules: [{B289D2A8-B6F0-4412-9BDA-F1744A3A78C7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{9A5FD80E-D3DA-4B0B-A448-61562E231899}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{09CE5639-403B-4705-A917-553623ACC626}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
11-10-2018 20:58:21 Scheduled Checkpoint
14-10-2018 11:33:51 Windows Update
16-10-2018 23:51:44 Windows Update
17-10-2018 00:06:32 Windows Update
17-10-2018 00:21:33 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2018 10:43:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2018 10:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2018 09:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2018 05:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2018 05:22:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2018 12:04:07 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Accountant 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (10/18/2018 12:04:07 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Accountant 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=Q:\grf - 2015.QBW;ENG=QB_data_engine_22;DBN=0588970a05c6429d94570dafd1769138
 
Error: (10/18/2018 12:04:07 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Accountant 2012":
Connection Error:Invalid user ID or password
 
 
System errors:
=============
Error: (10/18/2018 11:55:51 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
Error: (10/18/2018 11:55:51 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk5\DR6, has a bad block.
 
Error: (10/18/2018 11:55:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.
 
Error: (10/18/2018 11:55:17 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
Error: (10/18/2018 11:55:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk5\DR6, has a bad block.
 
Error: (10/18/2018 11:55:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.
 
Error: (10/18/2018 11:51:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
Error: (10/18/2018 11:51:39 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk5\DR6, has a bad block.
 
 
Windows Defender:
===================================
Date: 2018-07-07 14:04:39.772
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{3A81D9BA-8F2B-46FC-8ADA-BB838BF1A932}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-07-04 09:09:52.412
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2018-07-04 09:09:52.412
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3680 @ 3.33GHz
Percentage of memory in use: 28%
Total physical RAM: 12286.4 MB
Available physical RAM: 8753.32 MB
Total Virtual: 24570.94 MB
Available Virtual: 20214.9 MB
 
==================== Drives ================================
 
Drive b: (DRAFT) (Fixed) (Total:232.88 GB) (Free:225.24 GB) NTFS
Drive c: (PC1_C) (Fixed) (Total:167.67 GB) (Free:74.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (PC1_D) (Fixed) (Total:931.51 GB) (Free:175.62 GB) NTFS
Drive e: (MEDIA) (Fixed) (Total:465.76 GB) (Free:31.66 GB) NTFS
Drive f: (HRDWR PRGS) (Fixed) (Total:465.76 GB) (Free:100.74 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 167.7 GB) (Disk ID: B951FBCA)
Partition 1: (Active) - (Size=167.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F8CADFC6)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: FD47AFAE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D29E36C5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: FBFFE8CD)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 37152F5B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=06)
 
==================== End of Addition.txt ============================

 




 


#2 JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted Yesterday, 05:19 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::
GroupPolicyUsers\S-1-5-21-2928681103-1180902673-3709917691-1003\User: Restriction <==== ATTENTION
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [911314 2018-05-30] ( ) [File not signed] <==== ATTENTION
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
ContextMenuHandlers1_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
ContextMenuHandlers4_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
ContextMenuHandlers5_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
C:\Windows\Temp\mrt3E66.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Vasilis_S


Posted Yesterday, 05:45 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by PC1_A (19-10-2018 01:33:24) Run:1
Running from D:\0_DOK\_Bleeping
Loaded Profiles: PC1_A & Vasilis (Available Profiles: PC1_A & Nikol & Vasilis & Rafaela)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicyUsers\S-1-5-21-2928681103-1180902673-3709917691-1003\User: Restriction <==== ATTENTION
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [911314 2018-05-30] ( ) [File not signed] <==== ATTENTION
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File
Toolbar: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll => No File
ContextMenuHandlers1_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
ContextMenuHandlers4_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
ContextMenuHandlers5_S-1-5-21-2928681103-1180902673-3709917691-1002: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => -> No File
C:\Windows\Temp\mrt3E66.tmp
EMPTYTEMP:
Reboot:
 
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2928681103-1180902673-3709917691-1003\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\Adobe Licensing Console => removed successfully
Adobe Licensing Console => service removed successfully
"HKU\S-1-5-21-2928681103-1180902673-3709917691-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4853DF44-7D6B-48E9-9258-D800EEE54AF6}" => removed successfully
HKLM\Software\Classes\CLSID\{4853DF44-7D6B-48E9-9258-D800EEE54AF6} => not found
"HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4853DF44-7D6B-48E9-9258-D800EEE54AF6}" => removed successfully
HKLM\Software\Classes\CLSID\{4853DF44-7D6B-48E9-9258-D800EEE54AF6} => not found
HKU\S-1-5-21-2928681103-1180902673-3709917691-1000_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931} => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Classes\*\ShellEx\ContextMenuHandlers\DriveFS => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\SOFTWARE\Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => not found
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DriveFS => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\SOFTWARE\Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => not found
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DriveFS => removed successfully
HKU\S-1-5-21-2928681103-1180902673-3709917691-1002\SOFTWARE\Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => not found
C:\Windows\Temp\mrt3E66.tmp => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5549359 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 14278 B
Edge => 0 B
Chrome => 188534 B
Firefox => 11836225 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 6238 B
PC1_A => 43593920 B
Nikol => 60993 B
Vasilis => 36053432 B
Rafaela => 1122943 B
 
RecycleBin => 0 B
EmptyTemp: => 157.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:33:40 ====
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-12.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-19-2018
# Duration: 00:00:02
# OS:       Windows 7 Professional
# Cleaned:  4
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
Deleted       C:\Windows\SysWOW64\lnsecsl.exe
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       banggood.com
Deleted       Ask
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1380 octets] - [19/10/2018 01:38:30]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:09 AM

Posted Yesterday, 05:48 PM

One more scan:


Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected items and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.




#5 Vasilis_S


Posted Yesterday, 05:49 PM

Sorry, I forgot to say hello.

Thank you for your time ...

Thank you very much



#6 JSntgRvr


Posted Yesterday, 05:51 PM

You are welcome. :)




#7 Vasilis_S


Posted Yesterday, 05:54 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/19/18
Scan Time: 1:52 AM
Log File: 73f98784-d328-11e8-8a4d-00ffc2cce460.json
 
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7421
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC1\Vasilis
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 370696
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 30 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#8 JSntgRvr


Posted Yesterday, 06:08 PM

Seems all clear. How is the computer doing?




#9 Vasilis_S


Posted Yesterday, 06:36 PM

I will observe it tomorrow and I will come back to you. I had to leave my office.
Thank you again

#10 JSntgRvr


Posted Yesterday, 08:59 PM

:thumbup2:




#11 Vasilis_S


Posted Today, 01:53 AM

Good morning (here in Greece)

My computer seems "quiet" and clean. I think that everything is OK!!

Can you please tell me what the problem was ... maybe I can understand how it happened?

Thank you



#12 Vasilis_S


Posted Today, 01:59 AM

And lastly, are you advising me to keep the "tools" and use them periodically, or are they useless without your knowledge?





