here is the log file for Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by LIM (28-12-2017 09:05:43)
Running from F:\
Windows 10 Home Single Language Version 1607 14393.693 (X64) (2016-12-27 12:46:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1694938941-4250371870-4056835700-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1694938941-4250371870-4056835700-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1694938941-4250371870-4056835700-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1694938941-4250371870-4056835700-501 - Limited - Disabled)
LIM (S-1-5-21-1694938941-4250371870-4056835700-1001 - Administrator - Enabled) => C:\Users\LIM
QBDataServiceUser26 (S-1-5-21-1694938941-4250371870-4056835700-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser26
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.49 - NVIDIA Corporation) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\{AA384BE4-1700-0010-0000-97E7D7D00B17}) (Version: 17.0.416.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\Autodesk A360 Collaboration for Revit 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk BIM 360 Revit 2017 Add-in 64 bit (HKLM\...\{A26EBAD5-9591-407F-9D6C-C7A4F3DFE506}) (Version: 4.37.6853 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.45.5 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2017 (HKLM-x32\...\{360AC116-6CD4-4E7D-8174-28D47B05E898}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Autodesk Revit 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Revit 2017) (Version: - )
Autodesk Revit Content Libraries 2017 (HKLM\...\Autodesk Revit Content Libraries 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit Content Libraries 2017 (HKLM\...\Revit Content Libraries 2017) (Version: - )
Autodesk Revit MEP Imperial Content v2.0 (HKLM\...\{F2538944-3E07-4E97-B41A-FC48AB53EE9D}) (Version: 2.0 - Autodesk)
Autodesk Revit MEP Metric Content v2.0 (HKLM\...\{DEF775C7-84BF-4730-976A-FE3747F1757C}) (Version: 2.0 - Autodesk)
Autodesk Workflows 2017 (HKLM\...\{23A13F78-5B67-441A-ABF9-48BE8B5455DB}) (Version: 15.11.13.0 - Autodesk, Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Chromium (HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\Chromium) (Version: 58.0.2991.0 - Chromium)
Dynamo 0.9.1 (HKLM\...\{85626FB3-CAF9-49C1-AA28-E3C75164BD6F}) (Version: 0.9.1.4062 - Autodesk)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FormIt 360 Converter For Revit 2017 (HKLM\...\{637211B6-D2E9-474A-BF06-4F61F1254104}) (Version: 1.9.0.0 - Autodesk)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
Lumion 6.0 (HKLM\...\Lumion 6.0_is1) (Version: 6.0 - Act-3D B.V.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
NBA 2K17 (HKLM-x32\...\NBA 2K17_is1) (Version: 1.0.0.0 - 2K Games)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Personal Accelerator for Revit (HKLM\...\{7C317DB0-F31F-4024-A289-92CF4B6FB256}) (Version: 16.0.1109.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1109.0 - Autodesk)
QuickBooks (HKLM-x32\...\{550E322B-82B7-46E3-863A-14D8DB14AD54}) (Version: 26.0.4001.2607 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions: Accountant Edition 16.0 (HKLM-x32\...\{5DCE99D1-75F8-4D91-B233-1C3F3694AF06}) (Version: 26.0.4001.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Revit 2017 (HKLM\...\{7346B4A0-1700-0510-0000-705C0D862004}) (Version: 17.0.416.0 - Autodesk) Hidden
Revit Content Libraries 2017 (HKLM\...\{941030D0-1700-0410-0000-818BB38A95FC}) (Version: 17.0.416.0 - Autodesk) Hidden
Search the Web (Yahoo) (HKLM-x32\...\{3BF8D338-6B78-02B8-DAF8-72380A78A1B8}) (Version: - ) <==== ATTENTION
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Spatial Manager™ for AutoCAD (64-bit) (HKLM\...\{B669E14C-AF82-480C-9F67-DA6A54943D2F}) (Version: 3.3.2.6218 - Opencartis) Hidden
Spatial Manager™ for AutoCAD (HKLM-x32\...\{e457adef-8e2f-4d14-916e-c385f8cab7f7}) (Version: 3.3.2.6218 - Opencartis)
Spotify (HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\Spotify) (Version: 1.0.69.336.g7edcc575 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
V-Ray 3.4 for SketchUp (HKLM\...\V-Ray 3.4 for SketchUp) (Version: 3.40.02 - Chaos Software Ltd)
V-Ray Online License Server (HKLM\...\V-Ray Online License Server) (Version: 4.3.1 - Chaos Software Ltd)
V-Ray Swarm (HKLM\...\V-Ray Swarm) (Version: 1.3.5 - Chaos Software Ltd)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World in Conflict - Complete Edition (HKLM-x32\...\1438332414_is1) (Version: 2.0.0.3 - GOG.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{0a24e6bb-480e-e6cf-57ea-33fd34f4acd37}\InprocServer32 -> 0x60F410B9F4ECD201F40711B9F4ECD201010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{1b145bbd-ea0a-48d6-8d0f-1fa75499f8320}\InprocServer32 -> 0x9C64F5B8F4ECD2011BDEFDB8F4ECD201010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1694938941-4250371870-4056835700-1001_Classes\CLSID\{f4842d96-3d17-aaa8-846e-beb437c33fc56}\InprocServer32 -> 0x4F5213B9F4ECD201EB0762BEEA72D301490000008D0A000000000000 => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-01-20] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {167EA4A1-9B2C-4409-9699-6264C0ADA4DF} - System32\Tasks\AdobeAAMUpdater-1.0-LIM-LIM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {2CD9D503-01B9-435F-B916-3D708B396ACF} - System32\Tasks\{0DE0382D-2791-53AD-406A-1C2AB49B2DAB} => C:\Users\LIM\AppData\Local\Raroholo\PRODUC~1.EXE [2013-04-23] ()
Task: {365D96DE-B500-4B31-BC27-DB1C8062CF65} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {51557E45-E011-43E0-BA30-0D9209F2F63F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {53F10F87-A2F1-42EE-9C0C-C1DED3E603DF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {6B28D2FB-610A-4991-B490-ADFF76211248} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation)
Task: {6E2BE130-8313-4B74-9D41-676C601C80AD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation)
Task: {7D61424C-308C-4A0F-9DBF-5A628288BD54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-27] (Google Inc.)
Task: {872F9BAC-4858-45B4-9992-B8F31E0C62E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {8F24F334-AC29-44E4-AD5C-75E8D706C2B6} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {AC7290A8-F902-4DCD-B11D-2909D0400736} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-27] (Google Inc.)
Task: {B0B5ECBD-1CAE-4525-A1C1-DC35C8FF3E2A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BF07C018-759F-47BB-ABA5-EF2AEC605CEB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {D7D876FB-2043-4761-B3BD-1C658F3A2CD3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation)
Task: {E251C2DD-36E2-42C3-AED8-D64050FD27DB} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-G07V13C-LIM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E361C44D-B7F5-4CBD-B530-7652783D0952} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LIM-LIM LIM => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {FA973858-6522-4116-9D36-8E1E66DDABC9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 19:42 - 2016-07-16 19:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-20 12:06 - 2016-12-09 18:29 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-28 12:33 - 2017-01-20 23:13 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-03 03:53 - 2009-08-03 03:53 - 000027648 _____ () C:\Windows\System32\sso2ml6.dll
2016-12-28 15:15 - 2017-05-04 04:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-14 17:13 - 2017-11-14 17:13 - 000090176 _____ () C:\Program Files\Chaos Group\V-Ray Swarm\register-service.exe
2017-11-14 17:13 - 2017-11-14 17:13 - 000204800 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\v8-profiler\build\profiler\v5.6.5\node-v48-win32-x64\profiler.node
2017-11-14 17:13 - 2017-11-14 17:13 - 000163328 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\ref\build\Release\binding.node
2017-11-14 17:13 - 2017-11-14 17:13 - 000174592 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-27 20:51 - 2016-12-27 20:51 - 000959168 _____ () C:\Users\LIM\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2015-08-14 14:28 - 2016-11-30 21:57 - 000401888 _____ () C:\Windows\system32\igfxTray.exe
2016-09-17 08:23 - 2016-09-07 12:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:10 - 2016-12-21 15:09 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:09 - 2016-12-21 14:54 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:09 - 2016-12-21 14:48 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:09 - 2016-12-21 14:48 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:09 - 2016-12-21 14:48 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:09 - 2016-12-21 14:53 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 000048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2017-12-28 06:48 - 2017-12-06 12:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-28 06:48 - 2017-12-06 12:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 000025088 _____ () C:\Windows\System32\GamePanelExternalHook.dll
2017-11-22 18:18 - 2016-01-19 13:15 - 000055304 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-11-22 18:18 - 2016-01-19 13:15 - 000103944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-12-28 11:46 - 2016-12-27 22:12 - 000001023 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-1694938941-4250371870-4056835700-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: Autodesk Content Service => 2
HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Web Connector.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1694938941-4250371870-4056835700-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F6B4F9F3-FD24-497A-9379-F93AE3640F36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1B796C16-1956-4197-8E2B-65CD1DA4F7DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7B73D304-D0A3-41D0-A18F-EEE379BFC1E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{06CE313C-B5E6-4FA5-931B-80B5E571BBC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{03FE52A1-E407-4F47-956E-A1133798EE0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A526C3E-9912-491A-A3C3-578D0054322C}] => (Allow) F:\from DRIVE D computer\Installers (important)\Microsoft Office Professional Plus 2013\Microsoft Toolkit.exe
FirewallRules: [{7AF38980-7029-4179-A9F3-73A8A3D77396}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBB86429-2184-4CBB-B8E4-CA2AF8442B99}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63D3B672-A0F6-40B9-ABE9-6280D53228F6}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC6B7358-80A5-4EF6-86EA-7FC4CF0623DA}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EC77C86-06F5-4A73-BB52-C4E639A24AC1}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{741FA67B-8937-4A7D-9CCC-77867F5E4664}] => (Allow) C:\Users\LIM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98AA678B-E228-41B7-AB75-F938140B94C8}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{540D0C86-B20C-48BB-891E-AD716579C7C2}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [UDP Query User{AFCE1BBC-73EE-4947-B932-ECC2D7AFEDCC}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [TCP Query User{B2BF88CC-30B6-4C02-B9DF-5A785755385C}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BDA800E3-FA9F-48A9-9165-E07F7A8ACB9F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{01B9054B-C183-44FC-9090-7161A0A9BC23}C:\users\lim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lim\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{85045D50-1300-4D43-AFEE-BF0A4E850DEE}C:\users\lim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lim\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C22A11F1-34A2-4A31-93CD-FDFE266F4F9D}C:\program files (x86)\2k games\nba 2k17\nba2k17.exe] => (Allow) C:\program files (x86)\2k games\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{D422B3EE-4230-4C2B-B9CC-B8A146086D38}C:\program files (x86)\2k games\nba 2k17\nba2k17.exe] => (Allow) C:\program files (x86)\2k games\nba 2k17\nba2k17.exe
FirewallRules: [{E3FB2386-316A-41D9-81DF-0FC94B08514C}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe
FirewallRules: [{C8899157-8923-4CD5-BAC2-24A3D716FD07}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{E4237EEE-757C-48A6-AC89-935D5F79182A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbdbmgrn.exe
FirewallRules: [{5F02E580-C370-48AB-9FFA-7DA51F0A8CB0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbdbmgrn.exe
FirewallRules: [{5E20228F-3FFB-4923-8DFD-6E87BF669909}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbw32.exe
FirewallRules: [{5C5E8FD8-8D82-4C05-A14A-7EC81587B6A4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbw32.exe
FirewallRules: [{A3980C04-B1F5-43B3-AC56-8978C299181E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\dbmanagerexe.exe
FirewallRules: [{DE94AAE4-EC7A-4B10-9C3B-01F83455D148}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\dbmanagerexe.exe
FirewallRules: [{3A5F205C-734B-48D8-885B-16AAB43BDF2D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\filemanagement.exe
FirewallRules: [{5E2F4969-2DFB-4088-BBF2-12EEB32F2885}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\filemanagement.exe
FirewallRules: [{D6BD718E-EA5A-4EF6-A3B2-66E2ACCF7E0F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{753F30E8-7D12-4C1F-8ACB-3821C23FDC84}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{17CA482F-AA68-4931-B117-97923596299B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{4C15C720-E936-433A-B8C4-C5C9775997C8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{7508DB39-82D2-4FB7-94CA-1DFD02347587}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E4DB797-E6E7-4017-8CE9-9742936612F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DDECBAB9-2A4A-4FBB-8842-3500469EA1E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{22C4C7A6-3099-4D74-BC97-EC2880E5DAD6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{74D30090-C9E0-4310-8A0B-15E2DFC05F19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{9A097499-C5EE-4DE3-9612-449E8C8F34A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [TCP Query User{D7419773-F197-4BAF-A675-5F98199D4694}D:\movies\[pc] battlefield vietnam [dopeman]\battlefield vietnam\bfvietnam.exe] => (Block) D:\movies\[pc] battlefield vietnam [dopeman]\battlefield vietnam\bfvietnam.exe
FirewallRules: [UDP Query User{62B69899-E63E-4E37-9F96-43D100DCC3CB}D:\movies\[pc] battlefield vietnam [dopeman]\battlefield vietnam\bfvietnam.exe] => (Block) D:\movies\[pc] battlefield vietnam [dopeman]\battlefield vietnam\bfvietnam.exe
FirewallRules: [TCP Query User{DA98701B-62EC-4881-A1D0-FFC5993FD633}C:\program files (x86)\world in conflict - complete edition\wic.exe] => (Allow) C:\program files (x86)\world in conflict - complete edition\wic.exe
FirewallRules: [UDP Query User{88CD954B-2406-47E4-B084-DD316282F105}C:\program files (x86)\world in conflict - complete edition\wic.exe] => (Allow) C:\program files (x86)\world in conflict - complete edition\wic.exe
FirewallRules: [{0C329B36-A09C-4A3B-9C9F-B7A8D25F643A}] => (Allow) C:\Users\LIM\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A98F39EE-C585-40D0-A38B-64D2C869BD8F}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{D4B78C5C-24A0-4D52-BB87-D9088DDAB44A}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{F0BA7A48-8E54-46CE-8D4F-2A317562CBE4}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
FirewallRules: [{93321966-275B-4736-B20C-BA3E3644DED3}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
FirewallRules: [{5B9C6D6F-5900-4FB7-97D2-5D47948CA1C1}] => (Allow) LPort=20208
FirewallRules: [{47E200FD-FF30-49AE-AF8D-229AB63AA875}] => (Allow) LPort=20208
FirewallRules: [{57565F21-D9BE-4674-BFD9-21D2FF369CCE}] => (Allow) C:\Program Files\Chaos Group\V-Ray Swarm\swrm.exe
FirewallRules: [{E2CE141A-CED7-4BE9-8326-0B440DAB4725}] => (Allow) C:\Program Files\Chaos Group\V-Ray Swarm\swrm.exe
FirewallRules: [TCP Query User{CBE7DE90-F99B-4D1F-9B57-4864EB4EDE7F}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [UDP Query User{00C8D070-61B2-458A-A862-038D72C9F0E2}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [TCP Query User{10F120AB-69A5-4291-A674-B65E5562DF88}C:\users\lim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lim\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A98CCC44-BC8D-44F5-8801-61B54C1D8A2F}C:\users\lim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lim\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E3577175-03CC-4F0B-AED2-53019E34C6B5}] => (Allow) LPort=50395
FirewallRules: [{2E6AFBF5-0A0B-43AB-AF62-DA420FBEF236}] => (Allow) LPort=5000
FirewallRules: [{28AB18F4-6C4E-4688-B9B8-0447F1513CEF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
08-12-2017 15:49:57 Windows Update
13-12-2017 06:54:05 Windows Update
28-12-2017 07:26:21 Windows Update
==================== Faulty Device Manager Devices =============
Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: NVVHCI Enumerator
Description: NVVHCI Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvhci
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/28/2017 09:02:47 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1612) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 6283264 (0x00000000005fe000) (database page 1533 (0x5FD)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [1d991d99a310fa30] and the computed checksum was [1d991d99a310df98]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/28/2017 08:50:11 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
GetDisplayBrightnessFromPowerSettings: Could not inform driver of current brightness value.
Error: (12/28/2017 08:50:11 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetBrightnessSettingInDriver: p_handle is NULL.
Error: (12/28/2017 08:50:11 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetDisplayBrightnessViaPowerSettings: Could not obtain brightness value to set from driver.
Error: (12/28/2017 08:50:11 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
GetBrightnessSettingFromDriver: p_handle is NULL.
Error: (12/28/2017 08:50:11 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfParticipantDisplayService
ConnectToDptfDisplayDriver: SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]
System errors:
=============
Error: (12/28/2017 08:58:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/28/2017 08:53:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (12/28/2017 08:51:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/28/2017 08:51:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
Error: (12/28/2017 08:50:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/28/2017 08:50:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ds3Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/28/2017 08:50:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ds3Service service to connect.
Error: (12/28/2017 08:50:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/28/2017 08:48:41 AM) (Source: DCOM) (EventID: 10010) (User: LIM)
Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.
Error: (12/28/2017 08:48:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 7321.43 MB
Available physical RAM: 3943.7 MB
Total Virtual: 11161.43 MB
Available Virtual: 7534.44 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:235.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:187.29 GB) NTFS
Drive f: () (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 85AEADEC)
Partition: GPT.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 08FE6CD8)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
==================== End of Addition.txt ============================
Sign In
Create Account
