Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Nicolas Mazzon (22-04-2018 11:18:38)
Running from F:\
Windows 10 Pro Version 1709 16299.371 (X64) (2018-02-26 22:36:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1361136488-2336437257-4009925153-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1361136488-2336437257-4009925153-503 - Limited - Disabled)
Guest (S-1-5-21-1361136488-2336437257-4009925153-501 - Limited - Disabled)
Nicolas Mazzon (S-1-5-21-1361136488-2336437257-4009925153-1001 - Administrator - Enabled) => C:\Users\Nicolas Mazzon
WDAGUtilityAccount (S-1-5-21-1361136488-2336437257-4009925153-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov) Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_2) (Version: 14.2.2 - Adobe Systems Incorporated) Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_0_1) (Version: 8.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated) Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated) AMD Ryzen Master (HKLM\...\{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}) (Version: 1.2.0.0540 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Application Verifier x64 External Package (HKLM\...\{77F3D72C-465F-BD51-890E-CC3914B1365F}) (Version: 8.100.26936 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden Atom (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\atom) (Version: 1.24.1 - GitHub Inc.) Atom (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\atom) (Version: 1.24.1 - GitHub Inc.) Atom (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352\...\atom) (Version: 1.24.1 - GitHub Inc.) 
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team) AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.05.28 - ASUSTeK Computer Inc.) AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos) Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Advanced Micro Devices, Inc.) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden CpuCoreParking (HKLM-x32\...\{93F2C625-D50A-47BE-9C68-3B1A55DD091C}) (Version: 2.0.1.0 - CpuCoreParking) DiagnosticsHub_CollectionService (HKLM\...\{5FC8BCBB-3408-48B0-BAF0-839490F7AE65}) (Version: 15.6.27309 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\Discord) (Version: 0.0.300 - Discord Inc.) Discord (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\Discord) (Version: 0.0.300 - Discord Inc.) Discord (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352\...\Discord) (Version: 0.0.300 - Discord Inc.) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{F190B233-EFDB-4E5B-93B4-71048DF906DC}) (Version: 1.1.91.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden ExodusEden (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\exodus-eden) (Version: 1.49.0 - Exodus Movement Inc) ExodusEden (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\exodus-eden) (Version: 1.49.0 - Exodus Movement Inc) ExodusEden (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352\...\exodus-eden) (Version: 1.49.0 - Exodus Movement Inc) FileZilla Client 3.31.0 (HKLM-x32\...\FileZilla Client) (Version: 3.31.0 - Tim Kosse) GitHub Desktop (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\GitHubDesktop) (Version: 1.1.0 - GitHub, Inc.) GitHub Desktop (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\GitHubDesktop) (Version: 1.1.0 - GitHub, Inc.) GitHub Desktop (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352\...\GitHubDesktop) (Version: 1.1.0 - GitHub, Inc.) Google Chrome (HKLM\...\{E2B4C74E-210E-39AD-872C-DA95D0CCED99}) (Version: 65.0.3325.181 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) 
Hidden icecap_collection_neutral (HKLM-x32\...\{12C1EC05-F936-4A80-821E-7AAC64C4E6FF}) (Version: 15.6.27413 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{C8E22DF4-5498-4B61-93CF-3081BE95A1BA}) (Version: 15.6.27413 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{079302B9-1EF0-46D0-83FA-382C01ADF6E6}) (Version: 15.6.27406 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{500E3263-4930-456B-AD78-E6D0ACC7ABB1}) (Version: 15.6.27406 - Microsoft Corporation) Hidden ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20170706 - ) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel) Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java SE Development Kit 8 Update 161 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180161}) (Version: 8.0.1610.12 - Oracle Corporation) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) Kits Configuration Installer (HKLM-x32\...\{84645792-B4DC-8386-13D6-94810C42EF8A}) (Version: 10.1.14393.795 - Microsoft) Hidden Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.) Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{EE99006A-F227-41BA-884C-C3AF9642D95A}) (Version: 14.0.3006.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2017 (HKLM-x32\...\{FBD0D997-4E36-4B10-8471-BD7CF42ECE7F}) (Version: 14.0.3006.16 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.15.3248.309 - Microsoft Corporation) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{CF3A1CA6-5E5E-B4BD-6CF1-363056816CA2}) (Version: 8.100.26898 - Microsoft Corporation) Hidden Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team) NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation) NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) 
(Version: 9.17.0524 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.) SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.26936 - Microsoft Corporation) Hidden Spotify (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB) Spotify (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB) Spotify (HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer) Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{4E8F20FD-6BC7-B65C-D4F2-5D7CEDE3352E}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources 
(HKLM-x32\...\{233B73D9-650E-9CEC-1002-767C916C1B61}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{F2EB74A7-148A-8DC9-82A5-B5A88093EEC4}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) vcpp_crt.redist.clickonce (HKLM-x32\...\{B5789DA1-92FB-4760-BD23-44DDCAA94584}) (Version: 14.13.26020 - Microsoft Corporation) Hidden Visual Studio Community 2017 (HKLM-x32\...\17773c5d) (Version: 15.6.27428.2015 - Microsoft Corporation) vJoy Device Driver 2.1.8.38 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 2.1.8.38 
- Shaul Eizikovich) VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN) VMProtect Demo v 3.1 (HKLM\...\VMProtect Demo_is1) (Version: 3.1 - VMProtect Software) Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software) VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{C2749223-157E-48F0-9410-A510361D6803}) (Version: 15.6.27406 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{02DD895F-089F-4A63-81A9-78D00142AF20}) (Version: 15.6.27406 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{E6A92308-33DF-494B-A91A-3B80FBC97F2B}) (Version: 15.6.27406 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 
(HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{6B45EEA3-85F8-4B26-B952-6830A45F2688}) (Version: 15.6.27323 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{13E08AD0-D6AC-44C4-9F5B-0AE2EB56B105}) (Version: 15.6.27421 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit for Windows 8.1 
(HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - 
Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26936 - Microsoft) Hidden WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26936 - 
Microsoft) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FBC06A5FDE60}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FBC06A5FDE60}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: 
HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111729352_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FBC06A5FDE60}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> 
C:\Users\Nicolas Mazzon\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1361136488-2336437257-4009925153-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] () ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] () ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] () ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> 
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] () ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02970542-7240-4AA1-9019-B16374970296} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [2017-07-17] () Task: {02FD6CD6-B7F6-404D-9AFF-37819D03053E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-23] (NVIDIA Corporation) Task: {101A1F10-7BAC-4C01-B295-561C4613E7A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-22] (Microsoft Corporation) Task: {1A073D54-D497-4383-82BB-C2DC4B7D8E19} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2018-02-14] (Adobe Systems Incorporated) Task: {1D11D67A-9A78-4CE0-940C-C9AE20BD31A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-22] (Microsoft Corporation) Task: {1D789654-09CE-49E8-9AA2-12941687150E} - 
System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-23] (NVIDIA Corporation) Task: {22E2FC48-F9D9-4ECB-9559-4E25C888F9E7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation) Task: {474CFA97-2536-4FD6-8567-23AF99698CFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd) Task: {66E26090-CE0B-47EB-965F-DEC668F75CF4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation) Task: {75A4AB20-76CE-45CA-960E-B4EE49899A90} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2018-03-07] (Advanced Micro Devices, Inc.) Task: {9D851F10-4509-400E-9294-7434FE09E2FF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation) Task: {A536F2DC-41C4-4BBD-AEFF-6F5590274880} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-26] (Google Inc.) 
Task: {A5FCD946-8A37-4318-821D-F73DF552185C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation) Task: {ABE7528F-0946-4AAE-B920-842E5C613999} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-S7GCF3Q-Nicolas Mazzon => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated) Task: {AE18F916-BC69-40E6-B25E-DAACABFB11A2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-23] (NVIDIA Corporation) Task: {B7071FDD-4C85-4CB6-AC15-5EB071482D83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-26] (Google Inc.) Task: {C1DCFE9E-64AA-4404-8AD5-651EF154D371} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-22] (Microsoft Corporation) Task: {CB6B4336-37BE-4EDD-8C7B-25D9DCEC575E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-23] (NVIDIA Corporation) Task: {CD4ABCCA-E1AB-4356-9908-D20FA620F8FB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd) Task: {D723796E-B536-47D4-8B48-01FFF84A0A8D} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-S7GCF3Q-Nicolas Mazzon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {D7A80713-4EBE-41C2-89B8-AC0F21FE6A10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-22] (Microsoft Corporation) Task: 
{DE1FA89D-D57B-4E45-8C15-1E2389F8AF3C} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\LightingService\1.00.35\AsRogAuraGpuDllServer.exe [2017-11-24] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll 2018-02-26 19:01 - 2018-03-23 21:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll 2018-02-26 19:01 - 2018-03-23 21:19 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-04-24 15:19 - 2017-04-24 15:19 - 000428608 ____R () C:\Program Files\Intel\Wired Networking\NCS2\Agent\AdapterAgnt.DLL 2018-02-26 19:18 - 2017-11-24 04:29 - 000280536 _____ () C:\Program Files (x86)\LightingService\1.00.35\AsRogAuraGpuDllServer.exe 2018-01-04 10:04 - 2018-01-04 10:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll 2017-12-31 21:07 - 2017-12-31 21:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2018-04-22 09:32 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-04-22 09:32 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-10-19 23:29 - 2017-10-19 23:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming 
Software\libEGL.dll 2017-10-19 23:29 - 2017-10-19 23:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2018-02-25 19:24 - 2018-04-01 17:17 - 001370600 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe 2018-03-20 18:29 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll 2018-03-20 18:29 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll 2018-04-22 11:14 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-04-22 11:14 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-02-26 19:18 - 2017-11-23 05:50 - 000081728 _____ () C:\Program Files (x86)\ASUS\AXSP\2.00.06\ATKEX.dll 2018-02-26 19:18 - 2018-04-22 10:52 - 000035112 _____ () C:\Program Files (x86)\ASUS\AXSP\2.00.06\PEbiosinterface32.dll 2018-02-26 19:18 - 2017-11-23 05:51 - 001777664 _____ () C:\Program Files (x86)\LightingService\1.00.35\Vender.dll 2018-02-26 19:18 - 2017-11-23 05:50 - 000073728 _____ () C:\Program Files (x86)\LightingService\1.00.35\ClaymoreProtocol.dll 2018-02-26 19:18 - 2017-11-23 05:51 - 000073728 _____ () C:\Program Files (x86)\LightingService\1.00.35\RogNewmouseProtocol.dll 2018-02-26 19:18 - 2017-11-23 05:51 - 001951232 _____ () C:\Program Files (x86)\LightingService\1.00.35\R2Clib.dll 2018-02-26 19:18 - 2017-11-23 05:50 - 000053248 _____ () C:\Program Files (x86)\LightingService\1.00.35\cpuutil.dll 2018-02-26 19:01 - 2018-03-23 21:19 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-04-10 16:07 - 2018-04-22 10:53 - 000619464 _____ () C:\Users\Nicolas Mazzon\AppData\Local\Temp\0Kraken0502DevProps.dll 2018-02-26 18:52 - 2018-01-10 22:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2018-02-26 18:52 - 2018-04-02 19:34 - 002631968 
_____ () C:\Program Files (x86)\Steam\video.dll 2018-02-26 18:52 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2018-02-26 18:52 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2018-02-26 18:52 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2018-02-26 18:52 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2018-02-26 18:52 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2018-02-26 18:52 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2018-02-26 18:52 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2018-02-26 18:52 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2018-02-26 18:52 - 2018-04-02 19:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2018-02-26 18:52 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2018-02-26 18:44 - 2018-03-29 18:44 - 081770384 _____ () C:\Users\Nicolas Mazzon\AppData\Roaming\Spotify\libcef.dll 2018-02-26 18:44 - 2018-03-29 18:44 - 003740560 _____ () C:\Users\Nicolas Mazzon\AppData\Roaming\Spotify\libglesv2.dll 2018-02-26 18:44 - 2018-03-29 18:44 - 000088464 _____ () C:\Users\Nicolas Mazzon\AppData\Roaming\Spotify\libegl.dll 2018-03-30 10:32 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Nicolas Mazzon\AppData\Local\Discord\app-0.0.300\ffmpeg.dll 2018-03-30 10:32 - 2018-03-30 10:32 - 001780216 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node 2018-02-26 18:53 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll 2018-02-26 18:53 - 2017-12-13 17:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2018-02-26 18:52 - 2015-09-24 19:52 - 000119208 _____ () C:\Program 
Files (x86)\Steam\winh264.dll 2018-03-30 10:32 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Nicolas Mazzon\AppData\Local\Discord\app-0.0.300\libglesv2.dll 2018-03-30 10:32 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Nicolas Mazzon\AppData\Local\Discord\app-0.0.300\libegl.dll 2018-03-30 10:32 - 2018-03-30 10:32 - 002662904 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node 2018-03-30 10:32 - 2018-03-30 10:32 - 001910264 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node 2018-03-30 10:32 - 2018-03-30 10:32 - 000422392 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node 2018-03-30 10:32 - 2018-03-30 10:32 - 000145400 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2018-03-30 10:32 - 2018-03-30 10:32 - 009623896 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node 2018-03-30 10:32 - 2018-03-30 10:32 - 001508344 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node 2018-03-30 10:32 - 2018-03-30 10:32 - 000513016 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node 2018-03-30 10:32 - 2018-03-30 10:32 - 001517560 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node 2018-03-30 10:35 - 2018-03-30 10:35 - 002749944 _____ () \\?\C:\Users\Nicolas Mazzon\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node 2018-02-26 19:01 - 2018-03-23 21:19 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 
2018-03-20 16:42 - 2018-03-23 21:19 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll 2018-03-20 16:42 - 2018-03-23 21:19 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2017-09-29 09:46 - 2018-04-14 12:37 - 000003373 _____ C:\Windows\system32\Drivers\etc\hosts

172.0.0.1 motdgd.com
172.0.0.1 motd.pinion.gg
172.0.0.1 pinion.gg
172.0.0.1 pinionprizes.gg
172.0.0.1 vppgamingnetwork.com
0.0.0.0 adclick.g.doublecklick.net
0.0.0.0 adeventtracker.spotify.com
0.0.0.0 ads-fa.spotify.com
0.0.0.0 analytics.spotify.com
0.0.0.0 audio2.spotify.com
0.0.0.0 b.scorecardresearch.com
0.0.0.0 bounceexchange.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 content.bitsontherun.com
0.0.0.0 core.insightexpressai.com
0.0.0.0 crashdump.spotify.com
0.0.0.0 d2gi7ultltnc2u.cloudfront.net
0.0.0.0 d3rt1990lpmkn.cloudfront.net
0.0.0.0 desktop.spotify.com
0.0.0.0 doubleclick.net
0.0.0.0 ds.serving-sys.com
0.0.0.0 open.spotify.com
0.0.0.0 googleadservices.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 gtssl2-ocsp.geotrust.com
0.0.0.0 js.moatads.com
0.0.0.0 log.spotify.com
0.0.0.0 media-match.com
0.0.0.0 omaze.com
0.0.0.0 pagead46.l.doubleclick.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-1361136488-2336437257-4009925153-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1361136488-2336437257-4009925153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222018111552082\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{19EF00EA-B08E-457F-95DB-C291D9A17DEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E29C9329-8574-40B9-A286-217E38D50873}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe FirewallRules: [{53E615E2-3FFB-4E1A-81EE-D8539249080F}] => (Block) C:\Windows\explorer.exe FirewallRules: [TCP Query User{FD300424-2A78-4A49-8236-8BDB3BE79C6A}C:\users\nicolas mazzon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas mazzon\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{6A2628BD-D1CC-4DD4-8AC4-3E5C603C4092}C:\users\nicolas mazzon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas mazzon\appdata\roaming\spotify\spotify.exe FirewallRules: [{421AB739-8D4B-41E1-A1C0-8B1DE6C55128}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{483E395B-2485-498B-8E3A-C8C5631F4408}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe 
FirewallRules: [{568CA296-2AB1-4C2F-8DBF-AB82B79BAEC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9132702F-4897-49FE-B71F-F424A687D51D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9BEF275E-65A5-4C3E-9DCE-0463205A8EE5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A87E3F24-DC2B-4BD2-8D57-0B9B223D675D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{36EADE7E-60E9-48BB-B478-1D56A12CDD8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{F51C7602-2535-4745-B962-208FEA884FBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A96A24B1-66D1-45ED-99B7-F25D60AA7254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F8427827-2033-4848-BD64-7662699082C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{AAF87A90-438F-44FA-B55C-92791B35A37B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{AACD63B8-D107-478D-BD7C-1444ED101161}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{CD71B76A-3AC9-4B60-AC8D-272EAA4C708A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C039FBE7-4327-4469-8FE8-95628D2EA7DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1249C980-4040-48F9-AAD6-7281B8772E22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EA77E0CC-FF68-4406-95C4-99897D68D310}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3EDF82A8-AE9F-438B-B718-F2FEBBE9BDF7}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe FirewallRules: [{63A427F2-4E16-4F0F-9B47-D94644782507}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{72706C38-75E8-4490-B4D6-173590FF3AD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{622EA1F2-51DA-44FD-8F7F-208055F0330B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4277B103-5F06-4E30-86FA-F37AD40B81EE}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\Besiege\Besiege.exe FirewallRules: [{8E02BB35-5DD7-4998-9548-76ECB1680AF5}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\Besiege\Besiege.exe FirewallRules: [{0B5DAD85-D057-4DA9-8A8A-7C0C68CFBA13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{21EB7392-5359-41E6-A386-7461F4AF55B5}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{0A32913B-A060-43BD-AAB9-FC13693A949F}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{CE443C81-2816-4BDF-B56A-1ED2BB181AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Duper Flying Genocide 2017\Super Duper Flying Genocide 2017.exe FirewallRules: [{D263194D-7049-48D1-8D66-E00A2A08E21F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Duper Flying Genocide 2017\Super Duper Flying Genocide 2017.exe FirewallRules: [{8CE67FC6-23F4-4191-AD34-F22DEB81F695}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe FirewallRules: [{8FB97B28-AC05-4B35-996C-6A2391660328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe FirewallRules: [TCP Query User{057BD669-F5E3-4454-8691-A9B7C7766B6D}D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe 
FirewallRules: [UDP Query User{BC1C823E-43B3-4C49-9E0F-0AE574694686}D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{F44F4CF3-D5A9-4D64-9CCC-B82FF3AE38F4}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe FirewallRules: [{58A2C682-1D02-48E2-B527-411E80940FC1}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\Subnautica\Subnautica.exe FirewallRules: [{E5255ACE-A549-4BEA-AC01-9EA0085AC98E}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\Subnautica\Subnautica.exe FirewallRules: [{11DCB905-B815-4FFE-9F38-4616A6A13736}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\VRChat\VRChat.exe FirewallRules: [{E593A432-79AF-450E-A283-3D440A5394F1}] => (Allow) D:\Games\SteamLibrary\steamapps\Common\VRChat\VRChat.exe FirewallRules: [TCP Query User{3B58FF2E-A80E-4360-8F78-6DF66AADA5B7}C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe FirewallRules: [UDP Query User{2419D221-3545-49D6-A595-02114CAA4BA5}C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe FirewallRules: [TCP Query User{84FFFA66-B66B-4AAA-90D0-904F05C1EF6D}C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monerod.exe FirewallRules: [UDP Query User{48018A2F-9DEF-46BE-8191-52A9222305CB}C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) C:\users\nicolas mazzon\desktop\monero-gui-0.10.3.1-beta2\monerod.exe FirewallRules: [TCP Query User{B2298887-715B-4FDD-BA9D-F418D165F192}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query 
User{BF6D22A0-FCC1-4539-8F7A-021FC93DFC53}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{3B279689-5E24-4962-8E9F-810141839F1F}C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monero-wallet-gui.exe] => (Allow) C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monero-wallet-gui.exe FirewallRules: [UDP Query User{DEAF7A96-0D3B-401A-A51A-1CF90D02F395}C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monero-wallet-gui.exe] => (Allow) C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monero-wallet-gui.exe FirewallRules: [TCP Query User{ECA5C636-F946-4C97-94F6-4772A7A85B7A}C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monerod.exe] => (Allow) C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monerod.exe FirewallRules: [UDP Query User{FA7BDDC7-D1E3-4A2B-BD0B-A012B98FB196}C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monerod.exe] => (Allow) C:\users\nicolas mazzon\documents\monero-gui-v0.12.0.0\monerod.exe FirewallRules: [{9B2C6FA1-0B45-4956-A9B1-7D1E79C2FB00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe FirewallRules: [{0FDAE4FC-DB69-4C47-87CD-D77CF525DAA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe ==================== Restore Points ========================= 22-04-2018 09:27:14 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2018 09:05:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96LJEciI3Iw3R.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96LJEciI3Iw3R.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x3944 Faulting application start time: 
0x01d3da3a9453c229 Faulting application path: F:\I96LJEciI3Iw3R.exe Faulting module path: F:\I96LJEciI3Iw3R.exe Report Id: 26b95af3-a2f5-486f-99ba-4132ffcc0eed Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 06:53:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96LtJGv7M6Of5.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96LtJGv7M6Of5.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x40bc Faulting application start time: 0x01d3d9c38f74f5a5 Faulting application path: R:\I96LtJGv7M6Of5.exe Faulting module path: R:\I96LtJGv7M6Of5.exe Report Id: 44bc705e-80f2-4366-bb26-dfcd2362c5e2 Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 06:52:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96Lv3t3UNieoP.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96Lv3t3UNieoP.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x3b28 Faulting application start time: 0x01d3d9c368255c0f Faulting application path: C:\Users\Nicolas Mazzon\Desktop\I96Lv3t3UNieoP.exe Faulting module path: C:\Users\Nicolas Mazzon\Desktop\I96Lv3t3UNieoP.exe Report Id: e1d7e976-2757-4f79-94ab-fe4fa28db62c Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 05:37:59 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy174,0xc0000000,0x00000003,...). 
Operation: Processing PostFinalCommitSnapshots Context: Execution Context: System Provider Error: (04/21/2018 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96LtJGv7M6Of5.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96LtJGv7M6Of5.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0xadc Faulting application start time: 0x01d3d9b5956f62ec Faulting application path: R:\I96LtJGv7M6Of5.exe Faulting module path: R:\I96LtJGv7M6Of5.exe Report Id: d46e1779-34f8-453e-b97c-906b48d210a6 Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 05:11:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96LrvRwZIE21c.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96LrvRwZIE21c.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x1100 Faulting application start time: 0x01d3d9b548c1174f Faulting application path: C:\Users\Nicolas Mazzon\Desktop\I96LrvRwZIE21c.exe Faulting module path: C:\Users\Nicolas Mazzon\Desktop\I96LrvRwZIE21c.exe Report Id: d9f97968-0056-46c1-82e6-5113642e4364 Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 05:10:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96LrvRwZIE21c.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96LrvRwZIE21c.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x67c Faulting application start time: 0x01d3d9b5361a99de Faulting application path: C:\Users\Nicolas Mazzon\Desktop\I96LrvRwZIE21c.exe Faulting module path: C:\Users\Nicolas Mazzon\Desktop\I96LrvRwZIE21c.exe Report Id: 3854a3b6-39e7-4d77-bf0a-e0bf3fc83fd3 
Faulting package full name: Faulting package-relative application ID: Error: (04/21/2018 05:09:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: I96L9AQiLmJne8.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Faulting module name: I96L9AQiLmJne8.exe, version: 0.0.0.0, time stamp: 0x5ad13754 Exception code: 0xc0000005 Fault offset: 0x000000000011b48e Faulting process id: 0x33a4 Faulting application start time: 0x01d3d9b5065fce03 Faulting application path: R:\I96L9AQiLmJne8.exe Faulting module path: R:\I96L9AQiLmJne8.exe Report Id: cdbf8e49-24d9-440e-b24d-ec2dc021924a Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (04/22/2018 11:00:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.267.154.0). Error: (04/22/2018 10:53:28 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S7GCF3Q) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-S7GCF3Q\Nicolas Mazzon SID (S-1-5-21-1361136488-2336437257-4009925153-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/22/2018 10:53:23 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S7GCF3Q) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-S7GCF3Q\Nicolas Mazzon SID (S-1-5-21-1361136488-2336437257-4009925153-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2018 10:52:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2018 10:52:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/22/2018 10:52:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2018 10:52:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2018 10:52:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-04-22 11:18:59.983 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Detrahere.B!dr&threatid=2147725568&enterprise=0 Name: Trojan:Win32/Detrahere.B!dr ID: 2147725568 Severity: Severe Category: Trojan Path: file:_C:\Users\Nicolas Mazzon\AppData\Local\Temp\A924.tmp->[lowcase_mzpe];file:_C:\Users\Nicolas Mazzon\AppData\Local\Temp\DECA.tmp->[lowcase_mzpe] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Signature Version: AV: 1.267.154.0, AS: 1.267.154.0, NIS: 1.267.154.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-04-22 11:18:59.981 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Detrahere.B!dr&threatid=2147725568&enterprise=0 Name: Trojan:Win32/Detrahere.B!dr ID: 2147725568 Severity: Severe Category: Trojan Path: file:_C:\Users\Nicolas Mazzon\AppData\Local\Temp\A924.tmp->[lowcase_mzpe] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Signature Version: AV: 1.267.154.0, AS: 1.267.154.0, NIS: 1.267.154.0 Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-04-22 11:18:52.329 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Spursint.F!cl&threatid=2147717281&enterprise=0
Name: Trojan:Win32/Spursint.F!cl
ID: 2147717281
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Nicolas Mazzon\Documents\Dynago 4.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: F:\FRST64.exe
Signature Version: AV: 1.267.154.0, AS: 1.267.154.0, NIS: 1.267.154.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-04-22 11:18:36.781
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Spursint.F!cl&threatid=2147717281&enterprise=0
Name: Trojan:Win32/Spursint.F!cl
ID: 2147717281
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Nicolas Mazzon\Documents\Dynago 4.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: F:\FRST64.exe
Signature Version: AV: 1.267.154.0, AS: 1.267.154.0, NIS: 1.267.154.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-04-22 11:18:29.127
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Nicolas Mazzon\Downloads\PenguR15.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: F:\FRST64.exe
Signature Version: AV: 1.267.154.0, AS: 1.267.154.0, NIS: 1.267.154.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-04-22 09:35:12.362
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.150.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================
Date: 2018-04-22 11:15:01.331
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-18 18:09:16.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================

Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 16319.22 MB
Available physical RAM: 11649.86 MB
Total Virtual: 18751.22 MB
Available Virtual: 13277.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:37.44 GB) NTFS
Drive d: (500Gb HDD) (Fixed) (Total:465.76 GB) (Free:114.95 GB) NTFS
Drive f: (B1G) (Removable) (Total:29.8 GB) (Free:29.76 GB) FAT32

\\?\Volume{ca8541eb-2a66-4f47-acc3-325694a5e4dc}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{391cfbe7-7dd0-4454-b2c5-ec6c28252926}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 6B2FCC51)
Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 7FA3E06E)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 29.8 GB) (Disk ID: FF333E17)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================