Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Ell (22-09-2017 20:25:46)
Running from C:\Users\Ell\Desktop
Windows 8.1 (Update) (X64) (2015-08-16 18:49:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1066567997-190004360-2357831206-500 - Administrator - Disabled)
Ell (S-1-5-21-1066567997-190004360-2357831206-1002 - Administrator - Enabled) => C:\Users\Ell
Guest (S-1-5-21-1066567997-190004360-2357831206-501 - Limited - Disabled)
lydia_000 (S-1-5-21-1066567997-190004360-2357831206-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk) ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.) Akamai NetSession Interface (HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 Language Pack - Français (French) (HKLM\...\{5783F2D7-F001-040C-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk) Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) 
(Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Autodesk SketchBook Pro 7 (HKLM\...\{4448344E-76B2-45B7-826B-0D4110301533}) (Version: 7.21.0000 - Autodesk) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production) Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard) HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.19.3 - HP) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company) HydraVision (HKLM-x32\...\{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) 
Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT) Kaspersky Internet Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Malwarebytes Anti-Malware v2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes Anti-Malware) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 
(HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 47.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 fr)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) 
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
V-Ray 3.4 for SketchUp (HKLM\...\V-Ray 3.4 for SketchUp) (Version: 3.40.04 - Chaos Software Ltd) V-Ray Online License Server (HKLM\...\V-Ray Online License Server) (Version: 4.4.1 - Chaos Software Ltd) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17343 - Microsoft Corporation) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => No File CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File CustomCLSID: HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File CustomCLSID: 
HKU\S-1-5-21-1066567997-190004360-2357831206-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\fr-FR\acadficn.dll (Autodesk, Inc.) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => AcSignIcon.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => AcSignIcon.dll -> No File ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll -> No File ContextMenuHandlers1: [Kaspersky 
Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll [2017-06-30] (Kaspersky Lab ZAO) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-18] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-18] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll [2017-06-30] (Kaspersky Lab ZAO) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ContextMenuHandlers4: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll [2017-06-30] (Kaspersky Lab ZAO) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-17] (Advanced Micro Devices, Inc.) 
ContextMenuHandlers6: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll [2017-06-30] (Kaspersky Lab ZAO) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-18] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-18] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02608101-4B2C-4C3A-AC46-763F22DAE1BE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {070B7C78-446D-48F5-96A2-09911B5F508B} - \6ddde594-a416-47af-9f95-0592ff8a588d-5_user -> No File <==== ATTENTION Task: {0DCEC632-F6F3-4654-AE6C-C4F4405EF3AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.) Task: {26A8C566-44DF-4ABD-828E-89DA2A2FC1E2} - \6ddde594-a416-47af-9f95-0592ff8a588d-1-6 -> No File <==== ATTENTION Task: {3113623E-C511-402E-B184-E471017D3C78} - \6ddde594-a416-47af-9f95-0592ff8a588d-7 -> No File <==== ATTENTION Task: {408067FA-0ED4-4674-B7ED-CA37D678A4DC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe [2017-07-12] (AVAST Software) Task: {422A88ED-937C-4AA0-87D4-E2E05EF20010} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {441AB90F-4DF2-4642-8587-64E6E5A1C100} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-06-30] (AO Kaspersky Lab) Task: {51905E34-A8AF-4CD6-BFE9-3EE501E6B774} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe Task: {589D7632-EE07-4A81-87CF-8E5E6F8D65FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.) Task: {58F5AD20-D72B-4C42-BEA1-0607C76B934F} - System32\Tasks\HPCeeScheduleForEll => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {6709E2ED-FE74-4D9D-901E-ABA2C8E8BF20} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {6C56D8CF-9516-4F24-BAFF-A45E1B015966} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lydia20011@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {745E12B5-1567-496F-A02D-B1AA58A3AEE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) 
Task: {7EF68824-5556-49EA-A432-96F78477D11D} - \6ddde594-a416-47af-9f95-0592ff8a588d-1-7 -> No File <==== ATTENTION Task: {803C4409-B05B-4B80-BB63-145F78BFA37E} - \Crossbrowse -> No File <==== ATTENTION Task: {83E33DDE-7469-4FF3-A557-308E54716CE7} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe Task: {907DDE22-2B97-452F-BFA5-379244620CA4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {97112D6A-D68E-499F-AF56-A84808212C5F} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.UI.Systray.exe [2016-12-13] (Avira Operations GmbH & Co. KG) Task: {97AD4B90-9C78-43BD-AF7C-1E49941E9095} - \6ddde594-a416-47af-9f95-0592ff8a588d-6 -> No File <==== ATTENTION Task: {982668DB-6CC9-41A4-99A7-8A9A58C50C92} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {A2EEE92A-DF8F-4B35-A081-FAD21BE263F4} - System32\Tasks\{02494B9A-40E1-4B06-BBCC-22C8B19C6CCE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ell\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=2sq3 Task: {A2F73B79-A290-49AD-8CE6-8603BAA954BA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {A814168E-0BEA-4D5F-BCA5-84521B2F14F5} - \6ddde594-a416-47af-9f95-0592ff8a588d-3 -> No File <==== ATTENTION Task: {B4311AB7-59A6-43BB-85DC-E7FB00336BCB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {C7C5ADD7-5FA9-4724-99F4-B656E9D415DA} - \6ddde594-a416-47af-9f95-0592ff8a588d-5 -> No File <==== ATTENTION Task: {CB12FD54-63F6-4E33-A54A-815DA26AA8F1} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe Task: {CF702BC8-87E1-49DA-B312-1D7DA647A8AE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {D0E05102-DA02-430C-8EF8-83AF40634E99} - 
\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {E1350513-1C84-44F6-8D51-83BE46BB5E8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {E5949479-49A8-4C2F-8D22-1D4FD2E5EBE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {E7A184AD-8C9F-4DA1-86EB-48B79AD4D463} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe Task: {EAF69D78-C9DA-4D55-B5B0-A4E0040018A6} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe Task: {F0E3EDA9-5CA8-4F04-B759-3EC20DBFD76C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {F7E41EED-A5F5-4599-997C-E4C668736B0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.) Task: {F8B591B3-C93F-4B73-A050-A34B2C83DBE7} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe Task: {FFA41C1E-7DB0-4FB6-8B67-9C3FCC6A5535} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-15] (Microsoft Corporation) Task: {FFC707CA-1B2D-4BBE-B807-6C873C843E7A} - \BackgroundContainer Startup Task -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForEll.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-05-01 15:13 - 2014-05-01 15:13 - 000470016 _____ () C:\Users\Ell\AppData\Local\MEGAsync\ShellExtX64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-04-17 22:29 - 2014-04-17 22:29 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2017-09-01 16:55 - 2017-09-01 16:55 - 000144384 _____ () \\?\C:\Program Files\Chaos Group\VRLService\OLS\node_modules\os-service\build\Release\service.node 2017-09-01 16:55 - 2017-09-01 16:55 - 000200704 _____ () \\?\C:\Program Files\Chaos Group\VRLService\OLS\node_modules\vrloffline-win32\vrloffline.node 2017-09-01 16:55 - 2017-09-01 16:55 - 000150528 _____ () \\?\C:\Program Files\Chaos Group\VRLService\OLS\node_modules\proxydetect\proxydetect.node 2016-12-03 16:15 - 2014-12-05 03:27 - 000055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll 2016-12-03 16:15 - 2014-12-05 03:27 - 000104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll 2015-07-08 23:18 - 2015-07-08 23:18 - 000794920 _____ () C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2017-05-18 09:02 - 2017-05-18 09:02 - 040524400 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1066567997-190004360-2357831206-1002\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-02-19 08:06 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1066567997-190004360-2357831206-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "AutoCAD Startup Accelerator.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "9F0FCC58F4532437C0990DE9760FFC474A266A75._service_run"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-1066567997-190004360-2357831206-1002\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A645B69-362E-4EE2-8CE5-DFACAC5603A8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{D782BA86-E313-4785-BE7A-E0AA52F761A6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{65FF2F08-B2FD-4C29-9A2D-6C4785952AA4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{59C4327E-1A5F-40D3-96DE-9C6743B154A6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{06204FF9-6E76-4B45-B4D2-44073EA1F8AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CC59BA0E-A4C8-4871-9697-B06BF0899AA2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BA6E5C22-B696-4FC1-B8CA-F85D1810CFBC}] => (Allow) LPort=1900
FirewallRules: [{1BEF48EF-6072-421A-8229-D4CD8AFD3B5D}] => (Allow) LPort=2869
FirewallRules: [{9922D39D-8207-43D6-BC1C-81841DA5AE82}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{E882DFD6-5944-4807-BE36-9F7DCA638F09}C:\users\ell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ell\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{26244B2B-CB95-44D1-9344-7C50E4F0EBCF}C:\users\ell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ell\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5FA746C5-F586-4737-84E8-F57F0D04F477}] => (Allow) LPort=49470
FirewallRules: [{BE8B78FE-FE0C-42D6-B970-C6C314817AB6}] => (Allow) LPort=5000
FirewallRules: [{E9493B2E-A113-434D-8BCA-B0A9DB7C1FB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E8B0052-4BA3-4415-9091-F1EEAB51BC7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{467BE659-8B76-48CA-8656-5FD30461E852}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [UDP Query User{EC67D28C-4469-4103-945D-48A8FC530A77}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [{A140E2CE-A15F-4B68-8C30-8C88AAF5FA3D}] => (Block) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [{1723DA4D-2A86-4684-BB4A-AA5DAD470570}] => (Block) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [TCP Query User{14E85697-FDE0-478E-82DC-6D030F5A82AC}C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe] => (Block) C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe
FirewallRules: [UDP Query User{F3C2753D-8C12-4615-BEA0-87B96BAC2B7E}C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe] => (Block) C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe
FirewallRules: [TCP Query User{BB400C81-D32A-4452-8638-6539F56F8585}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [UDP Query User{ADA83DE0-EFA8-4D8F-93A2-133C8634A97E}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [TCP Query User{A44F587B-1072-4901-8F6D-0E685D891933}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [UDP Query User{D913DBAD-815B-4BF5-AFA1-0EADD9C66DA7}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [{B28C77E1-1923-4202-9D5F-3D3C3CD5A09B}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{6D8006D1-E865-463F-849B-B53CB0BAA512}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe
FirewallRules: [UDP Query User{E0EE1A84-9FAD-48B0-836D-5213151EA0A8}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe
FirewallRules: [TCP Query User{C1293E44-8F8D-4A8C-84E9-11BAE4FCE15B}C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe] => (Allow) C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe
FirewallRules: [UDP Query User{109B28AB-A439-46D6-B91C-1DC6D424AE00}C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe] => (Allow) C:\users\ell\desktop\sketchup pro 2013 13.0 build 3689 (cracked files) [chingliu]\cracked files\sketchup.exe
FirewallRules: [TCP Query User{634FB0B0-911A-4472-AA11-A1B3FD389474}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [UDP Query User{FE16509F-1FFD-4D6B-BB12-07E5FDB7ECC3}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [TCP Query User{BC75A0BD-FF96-4041-A81B-D6EF4E609126}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{DC319B7E-3628-4C30-B912-D22F179CE423}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{FE429DC8-2073-4C1C-91D0-38B8EB35CF6F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{82F1BA54-DE6F-458E-955F-EFB82B0B005E}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{E3B78D5F-3064-4D51-842B-0B151E4EAFF2}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [UDP Query User{A3D2F767-4F8B-44AA-B262-ABB05FCD2865}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2016\sketchup.exe
FirewallRules: [TCP Query User{DA09C15C-FE37-4869-AC35-70FAE3BBA503}C:\users\ell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ell\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B4F640E3-6105-463A-971C-5AE1D5F9D92F}C:\users\ell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ell\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F200758C-F4C0-401B-8AD2-2B1F9E92CCFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{364BF091-0FF2-4762-A9C2-AF8C4D7AFD53}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{482FA6CE-2CD5-4AF9-B6DF-E1668E8D7E3F}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{F851DB0B-E124-41D3-A091-24DACAB00F28}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
FirewallRules: [{7E9964E4-E2E0-4E69-864B-D50F5DA0A4B0}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2017 08:25:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.SystemSpeedup.UI.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Avira.SystemSpeedup.UI.Systray.Program.Main()

Error: (09/22/2017 08:22:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1154
Start Time: 01d333d7760ba330
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\wwahost.exe
Report Id: 681e366d-9fcb-11e7-81e7-28924a4e870a
Faulting package full name: AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6
Faulting package-relative application ID: App

Error: (09/22/2017 06:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.SystemSpeedup.UI.Systray.exe, version: 3.1.0.4242, time stamp: 0x58502f1f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f32841
Exception code: 0xe0434352
Fault offset: 0x00015608
Faulting process ID: 0xdc0
Faulting application start time: 0x01d333c5bbbffd9f
Faulting application path: C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.UI.Systray.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report ID: 26315c05-9fb9-11e7-81e6-28924a4e870a
Faulting package full name:
Faulting package-relative application ID:

Error: (09/22/2017 06:11:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.SystemSpeedup.UI.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Avira.SystemSpeedup.UI.Systray.Program.Main()

Error: (09/22/2017 03:59:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/22/2017 03:59:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/22/2017 03:59:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/22/2017 02:57:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/22/2017 02:57:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/22/2017 02:57:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (09/22/2017 08:23:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service did not respond on starting.

Error: (09/22/2017 08:17:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Work Folders service did not respond on starting.

Error: (09/22/2017 08:15:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error: An exception occurred in the service when handling the control request.

Error: (09/22/2017 08:15:57 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The W3C Logging Service service depends on the following service: W3SVC. This service might not be installed.

Error: (09/22/2017 08:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: The system cannot find the file specified.

Error: (09/22/2017 08:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: The system cannot find the file specified.

Error: (09/22/2017 06:11:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Work Folders service did not respond on starting.

Error: (09/22/2017 06:10:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error: An exception occurred in the service when handling the control request.

Error: (09/22/2017 06:10:10 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The W3C Logging Service service depends on the following service: W3SVC. This service might not be installed.

Error: (09/22/2017 06:09:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: The system cannot find the file specified.

CodeIntegrity:
===================================
Date: 2017-09-22 20:22:41.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 20:03:04.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:50:26.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:45:39.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:42:45.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:40:08.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:38:57.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:25:18.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:21:30.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 19:05:01.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 7770.26 MB
Available physical RAM: 6354.56 MB
Total Virtual: 8986.26 MB
Available Virtual: 7516.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:910.5 GB) (Free:762.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.8 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E28E0A4)
Partition: GPT.

==================== End of Addition.txt ============================