Task: {2D9E8099-B96F-4847-9B99-53D5962D412B} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {4B40F8B4-B149-40DA-B61F-8C130469ED26} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-11-19] (Mixbyte Inc -> Freemake)
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Specu\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> D:\Program Files\AutoCAD\AutoCAD 2014\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> D:\Program Files\AutoCAD\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Specu\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> D:\Program Files\AutoCAD\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-1374689461-2237827185-1603796741-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Specu\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [408]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [237]
AlternateDataStreams: C:\Users\Specu\AppData\Local\Temp:$DATA​ [34]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1374689461-2237827185-1603796741-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1374689461-2237827185-1603796741-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: