PDA

View Full Version : Possible unkown virus



cbff33
2017-03-16, 02:41
Hello,

I am all of a sudden having random computer reboots without warning after accidentally opening a website I didn't want to open. Computer works fine in safe mode, but when booted normally, the computer will only run for a few minutes before it just shuts off, and then automatically reboots. It's been a couple years since I have had any issue and was hoping someone could take a gander and see if they see anything out of the ordinary.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Buddy (administrator) on I5MSTS (15-03-2017 16:35:30)
Running from C:\Users\Buddy\Desktop
Loaded Profiles: Buddy (Available Profiles: Buddy)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400384 2015-03-12] (Seagate)
HKLM\...\Run: [Trust.Zone VPN Client UI Helper] => C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe [4531864 2016-07-30] (Trust.Zone VPN Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Seagate\DiscWizard\DiscWizardMonitor.exe [6382568 2015-03-12] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [X-55 Rhino] => C:\Program Files\Mad Catz\X-55 Rhino\X55_Rhino_Profiler.exe [86528 2015-08-28] (Mad Catz)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\GoPro\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2016-12-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [730864 2016-12-13] ()
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [ares] => C:\Ares\Ares.exe [3404288 2014-06-29] (Ares Development Group)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [DirectScan] => C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landstar\Imaging\DirectScan.appref-ms
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ConBuilder - Auto Update.lnk [2015-02-04]
ShortcutTarget: ConBuilder - Auto Update.lnk -> C:\CONBUILDER 5.7\cbupdate.exe (ConBuilder)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-05-25]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-04-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-12-16]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2016-12-12]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TS2017 Raildriver Interface.lnk [2017-03-15]
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{20B447B0-B5D8-40B0-917F-04994A8E037F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5495823F-374E-40CC-860B-9C51BED2CD60}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{9E1CFFF7-DC52-4643-A34F-C058EF05A2E0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A5111FD7-2477-443E-965B-359E4052001C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B3A84E83-6841-4ABE-99AE-AC09F8106EAD}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{B5471C37-9DA6-42A4-8474-172831A9915E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-11-11] (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 502ygpxx.default
FF ProfilePath: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default [2017-03-15]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\502ygpxx.default ->
FF Homepage: Mozilla\Firefox\Profiles\502ygpxx.default -> hxxps://www.malwarebytes.org/restorebrowser//?u=8b2bcc6d0eaf50dd8703d56806c6d345&c=p1&src=hp&inst=1463017487
FF SearchPlugin: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default\searchplugins\search.xml [2016-05-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-11-23] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-12-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-12-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-799792450-1319612783-380193225-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Buddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (Google Slides) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Flash Video Downloader) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-03-15]
CHR Extension: (Google Docs) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-10]
CHR Extension: (Google Drive) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-10]
CHR Extension: (YouTube) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-10]
CHR Extension: (Video Downloader professional) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-10]
CHR Extension: (Chrome Media Router) - C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-19] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
S2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-21] (Electronic Arts)
S2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-12-16] (RealNetworks, Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TZVPNCLIENT; C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe [4531864 2016-07-30] (Trust.Zone VPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21600 2013-03-28] (Advanced Micro Devices, Inc.)
S3 bcm; C:\WINDOWS\system32\DRIVERS\drxvi314_64.sys [416000 2012-03-20] (Beceem Communications Inc.)
S3 bcmbusctr; C:\WINDOWS\System32\drivers\BcmBusCtr_64.sys [64000 2012-03-20] (Beceem Communications Inc.)
S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd)
S3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-12-23] (REALiX(tm))
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-09-29] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-09-29] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [31776 2016-07-30] (Trust.Zone VPN Project)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2541200 2016-12-23] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-05-07] ()
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 Said2215; C:\WINDOWS\System32\drivers\Said2215.sys [25280 2015-09-03] (Saitek)
S3 Saida215; C:\WINDOWS\System32\drivers\Saida215.sys [25280 2015-09-03] (Saitek)
S3 SaiG2215; C:\WINDOWS\System32\drivers\SaiG2215.sys [179904 2015-09-03] (Saitek)
S3 SaiGa215; C:\WINDOWS\System32\drivers\SaiGa215.sys [179904 2015-09-03] (Saitek)
S3 SaiK0836; C:\WINDOWS\System32\drivers\SaiK0836.sys [172040 2010-06-17] (Saitek)
S3 SaiK2215; C:\WINDOWS\system32\DRIVERS\SaiK2215.sys [179904 2015-09-03] (Saitek)
S3 SaiKa215; C:\WINDOWS\system32\DRIVERS\SaiKa215.sys [179904 2015-09-03] (Saitek)
S3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2016-12-23] (Saitek)
S3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2016-12-23] (Saitek)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-10-12] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 SWNC5E00; C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys [285696 2010-10-19] (Sierra Wireless Inc.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2015-09-04] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [183224 2015-09-04] (Acronis)
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [25728 2016-04-06] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [30336 2016-04-06] (Texas Instruments, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 PCTINDIS5X64; \??\C:\WINDOWS\SYSTEM32\PCTINDIS5X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 16:36 - 2017-03-15 16:35 - 05198336 _____ (AVAST Software) C:\Users\Buddy\Desktop\aswMBR.exe
2017-03-15 16:35 - 2017-03-15 16:36 - 00026473 _____ C:\Users\Buddy\Desktop\FRST.txt
2017-03-15 16:35 - 2017-03-15 16:35 - 05198336 _____ (AVAST Software) C:\Users\Buddy\Downloads\aswMBR.exe
2017-03-15 16:34 - 2017-03-15 16:34 - 02424832 _____ (Farbar) C:\Users\Buddy\Downloads\FRST64 (2).exe
2017-03-15 16:34 - 2017-03-15 16:34 - 02424832 _____ (Farbar) C:\Users\Buddy\Desktop\FRST64.exe
2017-03-15 16:32 - 2017-03-15 16:32 - 02424832 _____ (Farbar) C:\Users\Buddy\Downloads\FRST64.exe
2017-03-15 16:32 - 2017-03-15 16:32 - 02424832 _____ (Farbar) C:\Users\Buddy\Downloads\FRST64 (1).exe
2017-03-15 16:10 - 2017-03-15 16:10 - 00002253 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-03-15 16:09 - 2017-03-15 16:09 - 05766144 _____ (Tweaking.com) C:\Users\Buddy\Downloads\tweaking.com_registry_backup_setup (2).exe
2017-03-15 16:08 - 2017-03-15 16:08 - 05766144 _____ (Tweaking.com) C:\Users\Buddy\Downloads\tweaking.com_registry_backup_setup (1).exe
2017-03-15 16:07 - 2017-03-15 16:07 - 05766144 _____ (Tweaking.com) C:\Users\Buddy\Downloads\tweaking.com_registry_backup_setup.exe
2017-03-15 16:02 - 2017-03-15 16:02 - 00172086 _____ C:\WINDOWS\ntbtlog.txt
2017-03-14 21:01 - 2017-02-23 08:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 21:01 - 2017-02-22 08:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-14 21:01 - 2017-02-22 08:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-26 16:35 - 2017-02-26 16:35 - 00000000 ____D C:\Users\Buddy\AppData\LocalLow\JutsuGames
2017-02-25 23:24 - 2017-02-25 23:24 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rail Simulator Packager Manager
2017-02-25 23:24 - 2017-02-25 23:24 - 00000000 ____D C:\Program Files (x86)\Rail Simulator
2017-02-25 23:24 - 2017-02-25 23:24 - 00000000 ____D C:\PackageUninstallInfo
2017-02-25 17:25 - 2017-02-25 17:26 - 21905129 _____ C:\Users\Buddy\Downloads\CBMsetup611.zip
2017-02-23 17:06 - 2017-02-23 17:06 - 00000201 _____ C:\Users\Buddy\Desktop\The Sims(TM) 3.url
2017-02-18 12:59 - 2017-02-18 12:59 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\The Creative Assembly
2017-02-18 12:55 - 2017-02-18 12:58 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\RWInfo
2017-02-18 12:55 - 2017-02-18 12:55 - 00000000 ____D C:\Users\Buddy\.oracle_jre_usage
2017-02-18 12:53 - 2017-02-18 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RWInfo
2017-02-17 22:08 - 2017-02-17 22:08 - 00000202 _____ C:\Users\Buddy\Desktop\Company of Heroes (New Steam Version).url
2017-02-17 22:08 - 2017-02-17 22:08 - 00000201 _____ C:\Users\Buddy\Desktop\Company of Heroes Tales of Valor.url
2017-02-17 22:08 - 2017-02-17 22:08 - 00000200 _____ C:\Users\Buddy\Desktop\Company of Heroes.url
2017-02-17 22:08 - 2017-02-17 22:08 - 00000200 _____ C:\Users\Buddy\Desktop\Company of Heroes Opposing Fronts.url
2017-02-15 16:09 - 2017-02-15 16:09 - 00000000 ____D C:\Users\Buddy\ansel
2017-02-15 15:56 - 2017-02-15 15:58 - 165261072 _____ (Creative Technology Ltd) C:\Users\Buddy\Downloads\SBZ_CD_L13_1_01_10.exe
2017-02-15 15:50 - 2017-02-15 15:50 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-15 15:50 - 2017-02-09 16:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-15 15:50 - 2017-01-25 18:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-15 15:50 - 2017-01-25 18:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-15 15:50 - 2017-01-25 18:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-15 15:50 - 2017-01-25 18:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-15 15:47 - 2017-02-09 18:52 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 34937280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 28212280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 16510160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 14373824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-02-15 15:47 - 2017-02-09 18:52 - 11122912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 03627064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 03187256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00989120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00912440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00895272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00611384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00504104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00425288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00408272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00170360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00153184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00148016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-02-15 15:47 - 2017-02-09 18:52 - 00131720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-02-15 15:44 - 2017-02-15 15:44 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\IDT
2017-02-13 17:12 - 2017-02-24 17:26 - 00000518 _____ C:\Users\Buddy\Desktop\FAVORITE ASSETS RAILWORKS.txt
2017-02-13 09:40 - 2017-02-13 09:40 - 00362120 _____ C:\Users\Buddy\Downloads\Trat 417133_W63161_Checksheet_JHOL.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 16:35 - 2015-05-23 21:29 - 00000000 ____D C:\FRST
2017-03-15 16:33 - 2015-05-22 22:57 - 00037735 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-03-15 16:06 - 2013-09-29 22:04 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-15 16:06 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-15 16:04 - 2016-11-24 13:52 - 00000000 ____D C:\Users\Buddy\AppData\LocalLow\Mozilla
2017-03-15 16:00 - 2016-07-30 23:17 - 00000000 ____D C:\Program Files\Trust.Zone VPN Client
2017-03-15 16:00 - 2013-11-28 22:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-15 16:00 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-15 15:54 - 2014-09-12 09:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 15:54 - 2014-04-21 21:17 - 00000000 ___DO C:\Users\Buddy\OneDrive
2017-03-15 14:36 - 2016-12-17 08:54 - 00004146 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:03 - 00003852 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:03 - 00001430 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-15 14:36 - 2016-10-07 11:02 - 00003738 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:02 - 00003738 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:02 - 00003730 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:02 - 00003554 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2016-10-07 11:02 - 00003494 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-15 14:36 - 2013-11-28 22:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-15 14:36 - 2013-11-28 22:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-15 14:36 - 2013-11-28 22:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-15 14:11 - 2015-01-03 20:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-15 14:11 - 2014-07-13 14:10 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-03-15 14:05 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-15 13:59 - 2013-08-07 10:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 13:59 - 2013-08-07 10:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 13:56 - 2015-06-24 22:57 - 00000000 ____D C:\01 OPEN RAILS 3172
2017-03-15 13:55 - 2013-11-15 23:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 13:55 - 2013-08-07 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 13:55 - 2013-05-16 22:44 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 13:50 - 2013-11-28 22:55 - 00000000 ____D C:\Users\Buddy
2017-03-15 12:29 - 2015-09-05 09:03 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\BitTorrent
2017-03-15 07:18 - 2015-05-24 11:42 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799792450-1319612783-380193225-1001
2017-03-15 06:57 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 06:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-15 06:49 - 2017-01-04 00:09 - 00003336 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001
2017-03-15 06:49 - 2017-01-04 00:09 - 00003280 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001
2017-03-11 22:49 - 2016-01-28 16:12 - 00000000 ____D C:\Users\Buddy\AppData\Local\CrashDumps
2017-03-11 14:30 - 2013-12-04 10:58 - 00000000 ____D C:\Users\Buddy\Documents\my games
2017-03-11 13:53 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-03-09 22:34 - 2016-12-10 18:46 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 22:34 - 2016-12-10 18:46 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 13:26 - 2016-12-23 20:18 - 00000000 ____D C:\ProgramData\ProductData
2017-03-09 13:26 - 2016-12-23 20:14 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-23 17:06 - 2013-12-04 10:52 - 00000000 ____D C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-23 16:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 12:35 - 2016-10-07 11:03 - 01880512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-23 12:35 - 2016-10-07 11:03 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-23 12:35 - 2016-10-07 11:03 - 01468864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-23 12:35 - 2016-10-07 11:03 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-23 12:35 - 2016-10-07 11:03 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-23 08:32 - 2016-10-07 11:02 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-23 08:30 - 2016-12-17 08:54 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-16 15:17 - 2014-04-19 14:12 - 00000000 ____D C:\Users\Public\Creative
2017-02-15 16:02 - 2014-04-19 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-02-15 16:02 - 2014-04-19 14:13 - 00000000 ____D C:\Program Files\Creative
2017-02-15 16:02 - 2014-04-19 14:10 - 00000078 ___RH C:\WINDOWS\ctfile.rfc
2017-02-15 16:01 - 2014-04-19 14:09 - 00000000 ____D C:\Program Files (x86)\Creative
2017-02-15 15:50 - 2016-12-23 20:14 - 00002882 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Buddy)
2017-02-15 15:50 - 2013-11-21 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-13 10:54 - 2016-11-23 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 10:54 - 2015-02-11 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-11-14 16:50 - 2014-11-14 16:50 - 0000132 _____ () C:\Users\Buddy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-05-17 08:58 - 2016-06-27 19:48 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileIn.cns
2013-05-17 08:58 - 2016-06-27 19:48 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileOut.cns
2014-10-08 16:39 - 2014-11-13 11:36 - 0005120 _____ () C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 15:55 - 2016-12-29 16:50 - 0007597 _____ () C:\Users\Buddy\AppData\Local\resmon.resmoncfg
2015-05-14 14:45 - 2015-05-14 14:45 - 0000204 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-01-14 21:55 - 2013-01-14 21:55 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-12-17 08:55 - 2017-01-08 12:32 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 08:55 - 2017-01-08 01:29 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\Users\Buddy\FlightBeam_Denver International - HD.reg
C:\Users\Buddy\FSDreamTeam_GSX.reg
C:\Users\Buddy\FSDreamTeam_XPOI.reg
C:\Users\Buddy\QualityWings_Ultimate 757 Collection.reg


Some files in TEMP:
====================
2016-10-12 12:44 - 2005-01-27 18:44 - 0684032 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRun.exe
2016-10-12 12:44 - 2004-11-01 13:11 - 0577536 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRunGUI.dll
2016-08-01 11:32 - 2016-08-01 11:33 - 7850088 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\BingBarSetup-Partner.exe
2016-10-12 13:21 - 2003-08-13 19:05 - 0040960 _____ () C:\Users\Buddy\AppData\Local\Temp\comver.dll
2016-10-12 13:54 - 2005-01-27 18:44 - 0335872 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\eauninstall.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0186280 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\lowproc.exe
2016-10-12 13:54 - 2004-12-10 14:02 - 0073728 _____ (EA) C:\Users\Buddy\AppData\Local\Temp\NASCAR SimRacing_uninst.exe
2016-06-21 12:42 - 2017-01-20 08:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll
2016-06-21 12:42 - 2017-01-20 08:07 - 0872088 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll
2016-08-22 10:24 - 2017-01-20 08:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe
2016-10-07 11:02 - 2016-11-17 07:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetry.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-04 22:25 - 2016-10-04 22:25 - 1190832 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup0.exe
2016-12-16 17:24 - 2016-12-16 17:24 - 1191856 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup1.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0096496 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\stubhelper.dll
2016-10-04 13:39 - 2016-10-04 13:39 - 0065280 _____ () C:\Users\Buddy\AppData\Local\Temp\utils.dll
2017-01-04 04:34 - 2017-01-04 04:34 - 7194312 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\vcredist_x64_vs2013.exe
2016-08-01 11:22 - 2016-08-01 10:46 - 0455600 _____ (Macrovision Corporation) C:\Users\Buddy\AppData\Local\Temp\_is4B4.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-10 13:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Buddy (15-03-2017 16:36:41)
Running from C:\Users\Buddy\Desktop
Windows 8.1 (Update) (X64) (2013-11-29 05:36:34)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-799792450-1319612783-380193225-500 - Administrator - Disabled)
Buddy (S-1-5-21-799792450-1319612783-380193225-1001 - Administrator - Enabled) => C:\Users\Buddy
Guest (S-1-5-21-799792450-1319612783-380193225-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1994 BN Aluminum Grain Cars 1.0.0 (HKLM-x32\...\1994 BN Aluminum Grain Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
2 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\2 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
3 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\3 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\4 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
52' Darling Tanker Set 1.0.0 (HKLM-x32\...\52' Darling Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
52' DRPX Tanker Set 1.0.0 (HKLM-x32\...\52' DRPX Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
52' Tankers ACTX Honeywell 1.0.0 (HKLM-x32\...\52' Tankers ACTX Honeywell 1.0.0) (Version: 1.0.0 - Tigertrains.com)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
911 Operator (HKLM\...\Steam App 503560) (Version: - Jutsu Games)
AAS-Sounds Cessna 208B Caravan Soundset (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\AAS-Sounds Cessna 208B Caravan Soundset) (Version: - )
Abacus CoPilot Pro (HKLM-x32\...\{69050DD3-976A-4818-9E30-C785A4C6A141}) (Version: 4.00.0003 - Abacus Software)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version: - Scott M. Miller)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Aerosoft - Cuczco X (HKLM-x32\...\{4818E804-E461-4EBC-A11C-D2DE2B5B8F46}_is1) (Version: 1 - Aerosoft - Cuczco X)
Aerosoft - Faro X V 1.01 (HKLM-x32\...\{19447237-EDFD-445A-92B3-8067ECFF7436}_is1) (Version: 1.01 - Aerosoft - Faro X)
Aerosoft - Iceland X (HKLM-x32\...\{E5390E6D-3012-42EF-9F19-156B1B362372}_is1) (Version: 1 - Aerosoft - Iceland X)
Aerosoft's - Airbus A318-A319 - FSX STEAM Edition (HKLM-x32\...\Airbus A318-A319 - FSX STEAM Edition) (Version: 1.31 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX STEAM Edition (HKLM-x32\...\Airbus A320-A321 - FSX STEAM Edition) (Version: 1.31 - Aerosoft)
Aerosoft's - Airport Toulouse X - FSX (HKLM-x32\...\Airport Toulouse X - FSX) (Version: - )
Aerosoft's - Antarctica X - FSX STEAM Edition (HKLM-x32\...\Antarctica X - FSX STEAM Edition) (Version: 1.10 - Aerosoft)
aerosoft's - Approaching Innsbruck X (HKLM-x32\...\{70864384-DD19-44CB-A999-A917F32F623D}) (Version: 1.20 - aerosoft)
Aerosoft's - Bari X - FSX (HKLM-x32\...\Bari X - FSX) (Version: - )
Aerosoft's - Calvi X - FSX STEAM Edition (HKLM-x32\...\Calvi X - FSX STEAM Edition) (Version: 1.00 - Aerosoft)
Aerosoft's - Corfu X (HKLM-x32\...\{8A073262-FB25-4224-AE36-C2725A616E05}) (Version: 1.10 - Aerosoft)
Aerosoft's - Erfurt X (HKLM-x32\...\{8D0E7A20-7D95-427F-BDB2-218CA6E0E7A5}) (Version: 1.20 - Aerosoft)
Aerosoft's - F-14 X - FSX SP2 (HKLM-x32\...\F-14 X - FSX-SP2) (Version: 1.00 - Aerosoft)
Aerosoft's - Fairbank X - FSX (HKLM-x32\...\Fairbank X - FSX) (Version: - )
aerosoft's - FDC Live Cockpit (HKLM-x32\...\{1E147940-0F40-4A88-9566-66490B2E841B}) (Version: 3.8.3 - aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: E: - aerosoft)
Aerosoft's - Frankfurt-Hahn X - FSX (HKLM-x32\...\Frankfurt-Hahn X - FSX) (Version: - )
Aerosoft's - German Airports 1 - Friedrichshafen X (HKLM-x32\...\{411B6A8F-0088-496D-8A0A-1319BB825D7C}) (Version: 1.00 - Aerosoft)
aerosoft's - German Airports 2 - 2012 (FSX) (HKLM-x32\...\{01C3630A-7FD2-46DF-B514-A4B829B0021A}) (Version: 1.01 - aerosoft)
aerosoft's - German Airports 3 - 2012 (Fs2004) (HKLM-x32\...\{531AC261-AAA6-4A1E-9193-5812A616D7D5}) (Version: 1.04 - aerosoft)
aerosoft's - German Airports 3 - 2012 (FSX) (HKLM-x32\...\{857D0DD6-42D4-4BD7-B299-EA70A064302D}) (Version: 1.04 - aerosoft)
aerosoft's - Gibraltar X (HKLM-x32\...\{9E710825-EF34-4976-B6A0-821FE314266F}) (Version: 1.01 - aerosoft)
Aerosoft's - Hawaii Dillingham X (HKLM-x32\...\{A0663B00-3376-42C1-B719-995B9CB44DEF}) (Version: 1.00 - Aerosoft)
Aerosoft's - Heraklion X (HKLM-x32\...\{0CA7BE0D-3DC3-4F04-B64D-9AA2041B76AB}) (Version: 1.00 - Aerosoft)
aerosoft's - Huey X (HKLM-x32\...\{F8F3F4BD-A69A-4345-AE81-656862093FBE}) (Version: 1.10 - aerosoft)
Aerosoft's - La Palma X - FSX STEAM Edition (HKLM-x32\...\La Palma X - FSX STEAM Edition) (Version: 1.01 - Aerosoft)
aerosoft's - Lukla X - Mount Everest (HKLM-x32\...\{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}) (Version: 1.00 - aerosoft)
Aerosoft's - Luxembourg Airports (HKLM-x32\...\{F293A032-EB67-4ADC-8646-F1AA7F9E0143}) (Version: 3.20 - Aerosoft)
Aerosoft's - Mallorca X Evolution - FSX STEAM Edition (HKLM-x32\...\Mallorca X Evolution - FSX STEAM Edition) (Version: 1.00 - Aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.30 - Aerosoft)
Aerosoft's - Mega Airport Brussels X (HKLM-x32\...\{CB858C75-8537-4B71-9080-2A4F7D51F128}) (Version: 1.00 - Aerosoft)
Aerosoft's - Mega Airport Budapest (HKLM-x32\...\{AD6C554F-5050-40B1-B84D-51D74A09C7E4}) (Version: 2.00 - Aerosoft)
Aerosoft's - Mega Airport Lisbon V2.0 - FSX (HKLM-x32\...\Mega Airport Lisbon V2.0 - FSX) (Version: 2.00 - Aerosoft)
aerosoft's - Mega Airport Munich X (HKLM-x32\...\{1B19DA07-6870-4E60-9171-5C53AD21A0E0}) (Version: 1.02 - aerosoft)
Aerosoft's - Mega Airport Oslo 2.0 - FSX (HKLM-x32\...\Mega Airport Oslo 2.0 - FSX) (Version: 1.00 - Aerosoft)
aerosoft's - Mega Airport Paris CDG X (HKLM-x32\...\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}) (Version: 1.00 - aerosoft)
aerosoft's - Mega Airport Paris Orly X (HKLM-x32\...\{5946BF7B-BB03-4B01-B329-04C02D1E5815}) (Version: 1.01 - aerosoft)
Aerosoft's - Mega Airport Rome - FSX STEAM Edition (HKLM-x32\...\Mega Airport Rome - FSX STEAM Edition) (Version: 1.01 - Aerosoft)
Aerosoft's - Mega Airport Zurich V2.0 - FSX STEAM Edition (HKLM-x32\...\Mega Airport Zurich V2.0 - FSX STEAM Edition) (Version: 1.02 - Aerosoft)
Aerosoft's - MonacoX (HKLM-x32\...\{B56D25A0-1316-4255-AB45-1147C9D01C5E}) (Version: 1.01 - Aerosoft)
Aerosoft's - Mykonos X - FSX (HKLM-x32\...\Mykonos X - FSX) (Version: - )
Aerosoft's - MyTraffic 2013 (HKLM-x32\...\{37F50C53-EDED-4FFE-9877-532A335C5C18}) (Version: 1.00 - Aerosoft)
aerosoft's - Rotterdam X (HKLM-x32\...\{FCCC0BAD-386F-4866-9877-F78428CB0E37}) (Version: 1.00 - aerosoft)
Aerosoft's - Saarbruecken X - FSX (HKLM-x32\...\Saarbruecken X - FSX) (Version: - )
Aerosoft's - Sharm El-Sheikh 2012 - FSX (HKLM-x32\...\{2C36035A-65D8-4711-A2CB-ED18A725EBDF}) (Version: 1.00 - Aerosoft)
aerosoft's - Tahiti X (HKLM-x32\...\{4C7F54EE-DC36-431F-9978-DA678D77C4BA}) (Version: 1.10 - aerosoft)
aerosoft's - USCitiesX - Cleveland (HKLM-x32\...\{5ABA58A2-8962-4C74-A07E-2D01AD834BB3}) (Version: 1.00 - aerosoft)
aerosoft's - Venice X (HKLM-x32\...\{74F493A2-1264-4BF2-A135-0184C68BD580}) (Version: 1.00 - aerosoft)
aerosoft's - VFR London X (HKLM-x32\...\{C1002665-A1DD-4764-AEDC-0769E09FAA4D}) (Version: 1.20 - aerosoft)
Agrium Covered Hopper Set A 1.0.0 (HKLM-x32\...\Agrium Covered Hopper Set A 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Airport 2.60 for Windows (HKLM-x32\...\ST6UNST #1) (Version: - )
Airport Design Editor 1.65 (HKLM-x32\...\{E8A70E2D-4315-407E-9B03-B4665EDD3A94}) (Version: 1.66.5555.0 - ScruffyDuck Software)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{261ED3C4-356F-4810-80B9-EDD0992ED5AA}) (Version: 20.3.44.03963 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.3.44.03963 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
American Truck Simulator (HKLM\...\Steam App 270880) (Version: - SCS Software)
Amtrak ExpressTrak Reefers 1.0.0 (HKLM-x32\...\Amtrak ExpressTrak Reefers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Amtrak P32AC-DM Engine Pack 1.0.1 (HKLM-x32\...\Amtrak P32AC-DM Engine Pack 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Amtrak U.S. Mail Boxcar Set 1.0.0 (HKLM-x32\...\Amtrak U.S. Mail Boxcar Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Animated Gates 2010 West Coast (HKLM-x32\...\Animated Gates 2010 West Coast) (Version: - )
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
Atlanta (HKLM-x32\...\MegaCity - Atlanta_is1) (Version: 1 - PC Aviator Inc.)
ATR 42-500 72-500 Pack FSX & P3D (HKLM\...\{2A080C46-F37A-4C7E-9676-173807C136CA}) (Version: 1 - Francisco Sánchez-Castañer, Philippe Wallaert, repack by Rikoooo)
ATSF Seligman Route 2.0 (HKLM-x32\...\ATSF Seligman Route 2.0) (Version: - )
BeamNG.drive (HKLM\...\Steam App 284160) (Version: - BeamNG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
BN & ATSF Tank Cars 1.0.0 (HKLM-x32\...\BN & ATSF Tank Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
BNSF Ore Trainset #1 1.0.3 (HKLM-x32\...\BNSF Ore Trainset #1 1.0.3) (Version: 1.0.3 - Tigertrains.com)
BNSF Ore Trainset 1.0.2 (HKLM-x32\...\BNSF Ore Trainset 1.0.2) (Version: 1.0.2 - Edstrainsonline.com)
BNSF Seligman Route 2.0 Upgrade (HKLM-x32\...\BNSF Seligman Route 2.0 Upgrade) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canadian Pacfic Mactier Subdivision Route (Version 1.5) (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Canadian Pacfic Mactier Subdivision Route (Version 1.5)) (Version: - )
Canadian Pacific Alstom Coil Cars 1.0.1 (HKLM-x32\...\Canadian Pacific Alstom Coil Cars 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Canadian Pacific Coil Cars Set #2 1.0.1 (HKLM-x32\...\Canadian Pacific Coil Cars Set #2 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Canadian Pacific Coil Cars Set #3 1.0.0 (HKLM-x32\...\Canadian Pacific Coil Cars Set #3 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Canon MX360 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series) (Version: - )
Canton (HKLM-x32\...\Canton) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CLS DC10 (HKLM-x32\...\CLS DC10) (Version: - )
Coal Country: The Orin Line (HKLM-x32\...\{89EF5B71-BFB4-400E-ABD6-A331A153F304}_is1) (Version: 1.0 - van Birgelen)
Company of Heroes (HKLM\...\Steam App 4560) (Version: - Relic Entertainment)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version: - Relic)
Company of Heroes: Opposing Fronts (HKLM\...\Steam App 9340) (Version: - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM\...\Steam App 20540) (Version: - Relic Entertainment)
ConBuilder (HKLM-x32\...\ConBuilder) (Version: 6.0.0.5 - ConBuilder)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CR-Software's - German Landmarks FSX (HKLM-x32\...\{53E5E2ED-1603-4531-B602-42526F2BB973}) (Version: 2.0 - CR-Software)
CSX M&M Subdivision (HKLM-x32\...\CSX M&M Subdivision) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dallas (HKLM-x32\...\MegaCITY - Dallas_is1) (Version: 1.0 - PC Aviator Inc.)
DARv2 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\DARv2) (Version: - )
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Data Rescue PC3 v110714 (HKLM-x32\...\Data Rescue PC3_is1) (Version: v110714 - Prosoft Engineering, Inc.)
Denver (HKLM-x32\...\MegaCITY - Denver_is1) (Version: 1.0 - PC Aviator Inc.)
DirectScan (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\cb59a91e7790dee5) (Version: 1.0.0.163 - Landstar)
DOCX Trinity 4460 cu.ft. Hoppers 1.0.0 (HKLM-x32\...\DOCX Trinity 4460 cu.ft. Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Dolby Cockpit Sounds FS9 (HKLM-x32\...\{E8E8AFCA-31C0-0F20-88A6-96167E74D14C}) (Version: 1.9.0.0 - FSPS)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTM - EMD GP50 CNW (HKLM-x32\...\DTM - EMD GP50 CNW) (Version: - )
DTM - GE C36-7 Conrail (HKLM-x32\...\DTM - GE C36-7 Conrail) (Version: - )
DTM EMD GP50 BNSF (HKLM-x32\...\DTM EMD GP50 BNSF) (Version: - )
DTM EMD SD50 D&RGW (HKLM-x32\...\DTM EMD SD50 D&RGW) (Version: - )
DTM EMD SD50-2 CSX V1.6 (HKLM-x32\...\DTM EMD SD50-2 CSX V1.6) (Version: - )
DTM EMD SD50-2 CSX YN-2 (HKLM-x32\...\DTM EMD SD50-2 CSX YN-2) (Version: - )
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DWC Bulkhead Set 1.0.0 (HKLM-x32\...\DWC Bulkhead Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
EditVoicepack (HKLM-x32\...\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}) (Version: 3.1.0 - Bevelstone Production)
EditVoicepack X (HKLM-x32\...\{493687F8-8D57-47C4-87B6-D46D7C5203BF}) (Version: 4.0.7 - Bevelstone Production)
EMD 645E3 Turbo Charged Soundset (HKLM-x32\...\EMD 645E3 Turbo Charged Soundset) (Version: - )
EMD GP35 D&RGW (HKLM-x32\...\EMD GP35 D&RGW) (Version: - )
EMD GP35 Western Pacific (HKLM-x32\...\EMD GP35 Western Pacific) (Version: - )
Euro Truck Simulator (HKLM\...\Steam App 232010) (Version: - SCS Software)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software)
EVE Online (HKLM-x32\...\{C8101096-8241-44C3-9D30-FFC38FF60DB9}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{F66A87E9-5BC1-4E9E-9411-9A15136A132E}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\{30cbb164-d9a2-4f6b-a0ac-fe576cd441d5}) (Version: 1.0.0 - CCP)
EVE Online (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\{33274a13-3e8c-4bb6-a6c1-4d46af2080e7}) (Version: 1.0.0 - CCP)
EVGA OC Scanner X 3.4.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
EZ Scenery Library (HKLM-x32\...\EZ Scenery Library) (Version: - )
F1 2013 (HKLM\...\Steam App 223670) (Version: - Codemasters Birmingham)
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farming Simulator 15 (HKLM\...\Steam App 313160) (Version: - Giants Software)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version: - Giants Software)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Feather River Route (HKLM-x32\...\Feather River Routev1.03) (Version: v1.03 - 3DTrains)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FJ&G v1 Full Version (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\FJ&G v1 Full Version) (Version: - )
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flight1 Downloader (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Flight1 Downloader) (Version: - )
FlightBeam Denver FSX-SE (HKLM-x32\...\FlightBeam Denver FSX-SE_is1) (Version: 1.2.0 - FlightBeam.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Freight Sound Package 1.0.7 (HKLM-x32\...\Freight Sound Package 1.0.7) (Version: 1.0.7 - Tigertrains.com)
Frisco Kansas Division 4.2.0 (HKLM-x32\...\Frisco Kansas Division_is1) (Version: - The Silence Breaker, Inc.)
FS Flight Keeper (3.0) (HKLM-x32\...\{EB2423B8-2060-4260-874B-3ED7A68D1275}) (Version: 3.0 - Thomas Molitor & Aerosoft GmbH)
FS Real Time v1.97.23 (HKLM-x32\...\FS_Real_Time) (Version: - )
FS2Crew: PMDG 737 NGX Reboot Edition (HKLM-x32\...\FS2Crew: PMDG 737 NGX Reboot Edition) (Version: - )
FSCaptain Version 1.07.02 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\FSCaptain Version 1.07.02) (Version: - )
FSDG-Djerba v2 (HKLM-x32\...\FSDG-Djerba v2) (Version: - )
FSDG's - Ayers Rock X - FSX (HKLM-x32\...\Ayers Rock X - FSX) (Version: 1.00 - FSDG)
FSDreamTeam GSX FSX-SE (HKLM-x32\...\FSDreamTeam GSX FSX-SE_is1) (Version: 1.9.12 - VIRTUALI Sagl)
FSDreamTeam XPOI FSX-SE (HKLM-x32\...\FSDreamTeam XPOI FSX-SE_is1) (Version: 2.0.0 - VIRTUALI Sagl)
FSFlyingSchool Pro 2013 (HKLM-x32\...\FSFlyingSchool Pro 2013) (Version: - )
FSFlyingSchool Pro 2016 (HKLM-x32\...\FSFlyingSchool Pro 2016) (Version: - )
FSGenesis Alabama 19m Terrain Mesh for FS2004 (HKLM-x32\...\Alabama 19m Terrain Mesh for FS20041.0.0) (Version: 1.0.0 - FSGenesis)
FSGenesis Appalachians & Northeast 38m Terrain (HKLM-x32\...\FSGenesis Appalachians & Northeast 38m Terrain) (Version: - )
FSGenesis Arizona 19m Terrain Mesh for FS2004 (HKLM-x32\...\Arizona 19m Terrain Mesh for FS20041.0.0) (Version: 1.0.0 - FSGenesis)
FSGenesis Florida 19m Terrain Mesh for FS2004 (HKLM-x32\...\Florida 19m Terrain Mesh for FS20041.0.0) (Version: 1.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- Eastern Rockies (HKLM-x32\...\North America Terrain Mesh for FSX -- Eastern Rockies2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- Northeast (HKLM-x32\...\North America Terrain Mesh for FSX -- Northeast2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- Plains (HKLM-x32\...\North America Terrain Mesh for FSX -- Plains2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- Southeast (HKLM-x32\...\North America Terrain Mesh for FSX -- Southeast2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- West Coast (HKLM-x32\...\North America Terrain Mesh for FSX -- West Coast2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis North America Terrain Mesh for FSX -- Western Rockies (HKLM-x32\...\North America Terrain Mesh for FSX -- Western Rockies2.0.0) (Version: 2.0.0 - FSGenesis)
FSGenesis Texas & Southeast 38m Terrain (HKLM-x32\...\FSGenesis Texas & Southeast 38m Terrain) (Version: - )
FSGenesis The Great Plains 38m Terrain (HKLM-x32\...\FSGenesis The Great Plains 38m Terrain) (Version: - )
FSGenesis The Rockies 38m Terrain (HKLM-x32\...\FSGenesis The Rockies 38m Terrain) (Version: - )
FSGenesis The West Coast 38m Terrain (HKLM-x32\...\FSGenesis The West Coast 38m Terrain) (Version: - )
FSGenesis US National Landclass Project (HKLM-x32\...\FSGenesis US National Landclass Project) (Version: - )
FSGenesis Worldwide LOD 4/5/6 Terrain (HKLM-x32\...\FSGenesis Worldwide LOD 4/5/6 Terrain) (Version: - )
FSGenesis Yukon Territory 38.2m Terrain (HKLM-x32\...\FSGenesis Yukon Territory 38.2m Terrain) (Version: - )
FsPassengersX for Microsoft Flight Simulator X (HKLM-x32\...\FsPassengersX) (Version: 20151226 - SecondReality Software)
FSX Missions - A321 Lufthansa (HKLM-x32\...\FSX Missions - A321 Lufthansa) (Version: - )
FSX REX 4 Texture Direct Configuration Tool (HKLM-x32\...\Steam App 389350) (Version: - )
FsxAdventures KLM Missions v1.00 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\FsxAdventures KLM Missions v1.00) (Version: - )
FSXDB - Learning Center (HKLM-x32\...\FSXDB - Learning Center) (Version: - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GE FDL-12 ES44 Soundset (HKLM-x32\...\GE FDL-12 ES44 Soundset) (Version: - )
GE FDL-16 V1.0 Soundset (HKLM-x32\...\GE FDL-16 V1.0 Soundset) (Version: - )
GEOTRANS (HKLM-x32\...\GEOTRANS) (Version: 1.0.0.0 - BAE Systems)
German Landmarks FSX (x32 Version: 2.0 - CR-Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{6DB7AD00-F781-11DF-9EEF-001279CD8240}) (Version: 6.0.0.1735 - Google)
Google Earth Pro (HKLM-x32\...\{6D5E5B27-D872-4A5F-A1D9-CE681DB7B96A}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
GoPro VR Player 2.1 (HKLM\...\GoPro VR Player 2.1) (Version: V2.1.2 - GoPro)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
grcanyon1 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\grcanyon1) (Version: - )
grcanyon2 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\grcanyon2) (Version: - )
Grove City (HKLM-x32\...\Grove City) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
ImagineSim Chep Lap Kok Airport for FSX 1.00 (HKLM-x32\...\ImagineSim Chep Lap Kok Airport for FSX 1.00) (Version: - )
Inland Cement Hoppers Set#1 1.0.0 (HKLM-x32\...\Inland Cement Hoppers Set#1 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Inland Cement Hoppers Set#2 1.0.0 (HKLM-x32\...\Inland Cement Hoppers Set#2 1.0.0) (Version: 1.0.0 - Tigertrains.com)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Johnstown America Autocarriers AMTK 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers AMTK 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Johnstown America Autocarriers CNA 1.0.2 (HKLM-x32\...\Johnstown America Autocarriers CNA 1.0.2) (Version: 1.0.2 - Tigertrains.com)
Johnstown America Autocarriers CP 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers CP 1.0.1) (Version: 1.0.1 - Tigertrains.com)
KATL Atlanta 2016 FSX (HKLM-x32\...\{57D4CB73-0B82-4668-B000-8121EB2038A5}) (Version: 0.4.0 - Imagine Simulation)
KAUS Austin 2014 FSX (HKLM-x32\...\{1C4E7B5E-F52F-4CFB-803F-C8098415A41E}) (Version: 0.1.0 - Imagine Simulation)
KCLT Charlotte FSX 2013 (HKLM-x32\...\{E44D8D6F-D1C9-437B-9D39-454BF975C98D}) (Version: 0.2.0 - Imagine Simulation)
KDTW Detroit (HKLM-x32\...\KDTW Detroit) (Version: - )
KIAD Washington Dulles FSX (HKLM-x32\...\{ECD78977-137C-4237-BBE6-4DEB81AA42B4}) (Version: 0.2.0 - Imagine Simulation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
KLAX v1.1.2 for FSX (HKLM\...\{5B9AE6C1-60A6-483D-8C47-69CA0E995A08}) (Version: 1.1.2 - BluePrint Simulations)
KLAX v2.1.2 Upgrade for FSX (HKLM\...\{240FEAAD-9C7D-408C-B705-9A4B301ACEF7}) (Version: 2.1.2 - BluePrint Simulations)
KLGA La Guardia FSX (HKLM-x32\...\KLGA La Guardia FSX) (Version: - )
Legendary 727 1.7 (HKLM-x32\...\LEGENDARY727PRO) (Version: 1.7.00 - © 1999-2007 Captain Sim)
Lockheed C-130 Hercules Sound Pack for Flight Simulator X SP1-SP2 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Lockheed C-130 Hercules Sound Pack for Flight Simulator X SP1-SP2) (Version: - )
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MBKX Coil Car Set 1.0.0 (HKLM-x32\...\MBKX Coil Car Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
MegaSceneryEarth Colorado 001 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 002 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 003 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 004 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 005 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 006 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 007 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 007 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 008 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 008 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 009 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 009 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 010 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 010 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 011 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 011 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 012 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 012 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 013 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 013 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 014 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 014 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 015 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 015 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 016 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 016 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 017 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 017 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 018 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 018 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 019 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 019 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 020 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 020 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 021 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 021 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 022 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 022 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 023 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 023 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 024 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 024 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 025 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 025 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 026 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 026 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 027 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 027 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 028 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 028 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 029 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 029 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 030 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 030 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 031 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 031 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 032 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 032 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 033 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 033 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 034 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 034 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado 035 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado 035 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Colorado Charts 2.0 (HKLM-x32\...\MegaSceneryEarth Colorado Charts 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 001 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 002 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 003 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 004 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 005 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 006 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 007 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 007 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 008 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 008 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 009 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 009 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 010 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 010 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 011 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 011 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 012 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 012 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 013 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 013 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 014 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 014 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 015 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 015 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 016 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 016 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 017 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 017 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 018 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 018 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 019 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 019 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 020 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 020 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 021 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 021 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 022 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 022 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 023 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 023 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 024 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 024 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 025 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 025 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 026 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 026 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 027 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 027 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 028 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 028 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 029 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 029 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 030 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 030 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Denver Ultra Res 031 2.0 (HKLM-x32\...\MegaSceneryEarth Denver Ultra Res 031 2.0) (Version: 2.0 - MegaSceneryEarth)
Metrolink CEM Rotem Coaches & CabCar (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Metrolink CEM Rotem Coaches & CabCar) (Version: - )
Michigan Iron Ore (HKLM-x32\...\Michigan Iron Ore) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Millennium TiONA Tankers 1.0.0 (HKLM-x32\...\Millennium TiONA Tankers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Missouri Pacific McPherson Sub 2.1 (HKLM-x32\...\Missouri Pacific McPherson Sub 2.1_is1) (Version: - The Silence Breaker, Inc)
MK-Studios's - Bologna X - FSX (HKLM-x32\...\Bologna X - FSX) (Version: 1.00 - MK-Studios)
MLWAudio - 16N-710G3B - Sound Pack (HKLM-x32\...\MLWAudio - 16N-710G3B - Sound Pack) (Version: - )
MLWAudio - 16N-710G3C-II - Sound Pack (HKLM-x32\...\MLWAudio - 16N-710G3C-II - Sound Pack) (Version: - )
MLWAudio - BNSF Repaints Patch - 16N 710G3C-II (HKLM-x32\...\MLWAudio - BNSF Repaints Patch - 16N 710G3C-II) (Version: - )
MLWAudio - BNSF Repaints Patch (HKLM-x32\...\MLWAudio - BNSF Repaints Patch) (Version: - )
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSTS APK Extractor v3 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\MSTS APK Extractor v3) (Version: - )
MSTS Bernina Bahn v0.7.3 (HKLM-x32\...\{DF270969-CDFB-4005-B0A1-0CE6F19AB76A}_is1) (Version: - )
MSTS FURX SD40-2 Pack (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\MSTS FURX SD40-2 Pack) (Version: - )
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MTA P32AC-DM Engine Set 1.0.0 (HKLM-x32\...\MTA P32AC-DM Engine Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NASCAR '15 Victory Edition (HKLM\...\Steam App 345890) (Version: - Eutechnyx)
NASCAR Thunder TM 2004 Demo (HKLM-x32\...\{D310F6C5-39F2-48A4-0093-FD349EBFE5A3}) (Version: - )
Norfolk Southern Coil Car Set #3 1.0.0 (HKLM-x32\...\Norfolk Southern Coil Car Set #3 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Northern California Scenery (HKLM-x32\...\MegaScenery - Northern California_is1) (Version: 1.0 - PC Aviator Inc.)
NS Coal District Scenario Pack 01 (HKLM-x32\...\NS Coal District Scenario Pack 01) (Version: - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pacific Northwest Scenery (HKLM-x32\...\MegaScenery - Pacific Northwest_is1) (Version: 1.0 - PC Aviator Inc.)
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Phoenix (HKLM-x32\...\MegaCity - Phoenix_is1) (Version: 1 - PC Aviator Inc.)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations)
PMDG 737 6700 NGX Expansion FSX (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)
PMDG 777-300ER Expansion (HKLM-x32\...\{E65EFDE6-0864-40BA-8DDF-E31F736D9000}) (Version: 1.10.6036 - PMDG Simulations, LLC.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prepar3D v2 Professional Plus (HKLM-x32\...\{4335A9AB-9907-4B55-86C8-3D6D655B11FF}) (Version: 2.5.12942.0 - Lockheed Martin)
Prepar3D v2 Professional Plus Bundle (x32 Version: 2.5.12942.0 - Lockheed Martin) Hidden
Prepar3D v3 SDK (HKLM-x32\...\{528E770D-6E72-4479-8D40-79531DC737A6}) (Version: 3.1.2.15831 - Lockheed Martin)
QualityWings Ultimate 757 Collection FSX (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX_is1) (Version: 1.3.6 - QualityWings)
QualityWings Ultimate 757 Collection FSX-SE (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX-SE_is1) (Version: 1.3.9 - QualityWings)
QualityWings Ultimate 757 Collection P3D v2.x (HKLM-x32\...\QualityWings Ultimate 757 Collection P3D v2.x_is1) (Version: 1.3.9 - QualityWings)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - )
RailDriver (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version: - )
Railworks Community Asset Project (HKLM-x32\...\Railworks Community Asset Projectv2.09.29.13) (Version: v2.09.29.13 - RCAP)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
RBMN Covered Hoppers 1.0.0 (HKLM-x32\...\RBMN Covered Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Real Environment Xtreme for FS2004 Overdrive (HKLM-x32\...\{BA1DF5FA-905A-4BD5-9AE8-A8EFB4156DE3}) (Version: 1.5.2010.1210 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.165 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Remove UK2000 Edinburgh Xtreme files (HKLM-x32\...\UK2000 Edinburgh Xtreme) (Version: - )
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Route_Riter v7.5 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Route_Riter v7.5) (Version: - )
Runway Bumping Effect (HKLM-x32\...\{DFCDABE2-F3FC-48D8-9507-8455D7207060}) (Version: 1.5.0.0 - FSPS)
Runway Bumping Effect 1.2.0.0 (HKLM-x32\...\Runway Bumping Effect) (Version: 1.2.0.0 - FSPS)
RW_Tools V7 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\RW_Tools V7) (Version: - )
RWInfo (HKLM-x32\...\RWInfo) (Version: 1.5.1 - Thomas Kläger)
Rwy12 Library (HKLM-x32\...\Rwy12 Library) (Version: - )
Saitek ProFlight Fsx Plugin 7.0.50.1 (HKLM\...\{918582C7-0F0E-4FA1-A49C-65CA9864DDD8}) (Version: 7.0.50.1 - Saitek)
ScaleRail (HKLM-x32\...\ScaleRail1.77) (Version: 1.77 - 3DTrains)
ScaleRoad (HKLM-x32\...\ScaleRoad1.77) (Version: 1.77 - 3DTrains)
Scania Truck Driving Simulator (HKLM\...\Steam App 258760) (Version: - SCS Software)
Seagate DiscWizard (HKLM-x32\...\{FDE52A79-D081-483F-8291-BD180887644C}) (Version: 16.0.5861 - Seagate)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shape Viewer (HKLM-x32\...\{88DA244E-4CEA-49E4-AD6A-301B65131E25}) (Version: 2.2.0.237 - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SIMADDONS CYOW 2011 (HKLM-x32\...\SIMADDONS CYOW 2011) (Version: - )
SIMADDONS CYTZ (HKLM-x32\...\SIMADDONS CYTZ) (Version: - )
Simaddons Halifax 2010 (HKLM-x32\...\Simaddons Halifax 2010) (Version: - )
Sims 3 - Nude Clothes Females (HKLM-x32\...\xSIMS_Nude_Clothes_Females) (Version: - )
Sims 3 - Nude Clothes Males (HKLM-x32\...\xSIMS_Nude_Clothes_Males) (Version: - )
Sims 3 - Nude Skins (HKLM-x32\...\xSIMS_Nude_Skins) (Version: - )
Solution for Real Terrain 0.5.2 (HKLM-x32\...\Solution for Real Terrain) (Version: 0.5.2 - Andres Blaho)
Sound Blaster Z-Series (HKLM-x32\...\{DAB64FB1-0BBB-486E-9C57-A3E34F463AEB}) (Version: 1.01.10 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
South Dakota Soybean Set 1.0.0 (HKLM-x32\...\South Dakota Soybean Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Southern California (HKLM-x32\...\MegaScenery - Southern California_is1) (Version: 2 - PC Aviator Inc.)
SP WEST COLTON (HKLM-x32\...\SP WEST COLTON1.0) (Version: 1.0 - 3D Train Stuff Llc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SR - The Full Bucket Line (HKLM-x32\...\SR - The Full Bucket Line) (Version: V1.0 - The Locomotive Paintshop)
SS CFM56-5B Soundset (HKLM-x32\...\SS CFM56-5B Soundset) (Version: - )
SS CFM56-7B 700_800 (HKLM-x32\...\SS CFM56-7B 700_800) (Version: - )
SS Pratt & Whitney PW4060 (HKLM-x32\...\SS Pratt & Whitney PW4060 ) (Version: - )
SS RB211-535 (HKLM-x32\...\SS RB211-535) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SuperTrafficBoard (HKLM-x32\...\{9E7AC723-F54E-4D13-A888-0EAE66586FF8}) (Version: 3.1 - FlyingWSimulation)
Synchro-Soft 767 GE Soundset (HKLM-x32\...\Synchro-Soft 767 GE Soundset) (Version: - )
Synchro-Soft ATR-72 Soundset (HKLM-x32\...\Synchro-Soft ATR-72 Soundset) (Version: - )
Synchro-Soft B-52 Soundset (HKLM-x32\...\Synchro-Soft B-52 Soundset) (Version: - )
Synchro-Soft EA GP7200 Soundset (HKLM-x32\...\Synchro-Soft EA GP7200 Soundset) (Version: - )
Synchro-Soft GE90 Soundset (HKLM-x32\...\Synchro-Soft GE90 Soundset) (Version: - )
Synchro-Soft IAE V2500 (HKLM-x32\...\Synchro-Soft IAE V2500) (Version: - )
Synchro-Soft MD11 Soundset (HKLM-x32\...\Synchro-Soft MD11 Soundset) (Version: - )
TaD - Along the Coast (HKLM-x32\...\TaD - Along the Coast) (Version: - )
TaD - Canadian Freight (HKLM-x32\...\TaD - Canadian Freight) (Version: - )
TaD - CZ Crossing Donner Pass (HKLM-x32\...\TaD - CZ Crossing Donner Pass) (Version: - )
TaD - Over the Mountains (HKLM-x32\...\TaD - Over the Mountains) (Version: - )
TaD - Railtour US (HKLM-x32\...\TaD - Railtour US) (Version: - )
TaD - Sherman Hill Freight Work (HKLM-x32\...\TaD - Sherman Hill Freight Work) (Version: - )
TaD California Dreaming (HKLM-x32\...\TaD California Dreaming) (Version: - )
TaD Empire Builder on Stevens Pass 1.2 (HKLM-x32\...\TaD Empire Builder on Stevens Pass 1.2) (Version: - )
TaD NEC Series III - Commuter (HKLM-x32\...\TaD NEC Series III - Commuter) (Version: - )
TaD NEC Series IV (HKLM-x32\...\TaD NEC Series IV) (Version: - )
TaD NEC Series V - North Jersey Coast Line Scenarios (HKLM-x32\...\TaD NEC Series V - North Jersey Coast Line Scenarios) (Version: - )
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TaxiSigns HD (HKLM-x32\...\{8629901B-D28A-405A-9006-55BB99E2FE35}) (Version: 1.1.0 - FlightSimTools.com)
Tehachapi Pass Route II 1.0 (HKLM-x32\...\Tehachapi_Pass_Route_II_1.0) (Version: - )
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version: - Martin Wright)
The MLWAudio Evolution Series Enhancement Pack (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\The MLWAudio Evolution Series Enhancement Pack) (Version: - )
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Siskiyou Route (HKLM-x32\...\The Siskiyou RouteBeta 0.05) (Version: Beta 0.05 - Dale Rickert)
Thompson (HKLM-x32\...\Thompson) (Version: - )
TJSJ San Juan FSX (HKLM-x32\...\TJSJ San Juan FSX) (Version: - )
Train Sim Interface Quick Fix (HKLM-x32\...\Product_Name) (Version: - )
Train Sim World: CSX Heavy Haul Beta (HKLM\...\Steam App 397880) (Version: - )
Train Simulator (HKLM\...\Steam App 24010) (Version: - Dovetail Games)
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
Train Store V3.2 (HKLM-x32\...\Train Store V3.2) (Version: - )
Trains and Drivers - NEC Series Volume 1 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Trains and Drivers - NEC Series Volume 1) (Version: - )
Trains and Drivers - NEC Series Volume 2 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Trains and Drivers - NEC Series Volume 2) (Version: - )
Trinity Blue Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Blue Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Trinity Green Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Green Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Trucks & Trailers (HKLM\...\Steam App 302060) (Version: - SCS Software)
Trust.Zone VPN Client (HKLM\...\trustzone_tztzclient) (Version: 1.00.1008 - Trust.Zone VPN Project)
TSS A380 GP7000 Sound FSX (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\TSS A380 GP7000 Sound FSX) (Version: - )
TSS Airbus CFM56 5B FSX (HKLM-x32\...\TSS Airbus CFM56 5B FSX) (Version: - )
TSS ATR 42 72 PW (HKLM-x32\...\TSS ATR 42 72 PW) (Version: - )
TSS B757 PW2000 Sound FSX (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\TSS B757 PW2000 Sound FSX) (Version: - )
TSS B777 RR Trent FSX (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\TSS B777 RR Trent FSX) (Version: - )
TSS Boeing 727 JT8D Sound (HKLM-x32\...\TSS Boeing 727 JT8D Sound) (Version: - )
TSS Boeing 767 GE Sound (HKLM-x32\...\TSS Boeing 767 GE Sound) (Version: - )
TSS Boeing 767 RR (HKLM-x32\...\TSS Boeing 767 RR) (Version: - )
TSS Boeing 777 GE 90 Sound FSX (HKLM-x32\...\TSS Boeing 777 GE 90 Sound FSX) (Version: - )
TSS BOEING 777 PW4000 FSX (HKLM-x32\...\TSS BOEING 777 PW4000 FSX) (Version: - )
TSS Cessna Citation PW JT15D (HKLM-x32\...\TSS Cessna Citation PW JT15D) (Version: - )
TSS EMB-170 CF34 New generation sound (HKLM-x32\...\TSS EMB-170 CF34 New generation sound) (Version: - )
TSS FA18 Hornet Sound (HKLM-x32\...\TSS FA18 Hornet Sound) (Version: - )
TSS MD11 GE sound FSX (HKLM-x32\...\TSS MD11 GE sound FSX) (Version: - )
TSS MD11 PW Sound FSX (HKLM-x32\...\TSS MD11 PW Sound FSX) (Version: - )
TSS MD500 Soundpack (HKLM-x32\...\TSS MD500 Soundpack) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
UK2000 Doncaster Xtreme FSX (HKLM-x32\...\UK2000 Doncaster Xtreme FSX) (Version: 1.02 - UK2000 Scenery)
UK2000 Liverpool Xtreme FSX (HKLM-x32\...\UK2000 Liverpool Xtreme FSX) (Version: 1.00 - UK2000 Scenery)
UKTS Freeware Pack - Ambient Audio #1 (HKLM-x32\...\{77FA1B68-15F4-4C79-A17C-1232151DF1C2}) (Version: 1.0.10 - UKTrainSim)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (HKLM-x32\...\{07BB63A6-188D-4447-A0B6-8ED8B2075B81}) (Version: 1.0.9 - UKTrainSim)
UKTS Freeware Pack - CN Rolling Stock Pack #1 (HKLM-x32\...\{03569D73-4E4E-440E-99B0-DD4F3686531E}) (Version: 1.0.1 - UKTrainSim)
UKTS Freeware Pack - Foliage #1 (HKLM-x32\...\{C02FEE81-6830-4186-B82B-4832A2BECB19}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Industrial #1 (HKLM-x32\...\{B19E2B7A-745D-4B67-B21B-C97F727F3923}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Terrain Textures #1 (HKLM-x32\...\{2004CCA6-D67D-4F0C-BD0A-C7CD1DF4B4A7}) (Version: 1.0.1 - UKTrainSim)
Ultimate Checklist (HKLM-x32\...\{D2A7B238-4563-49DE-B307-76DF2BE6D47D}) (Version: 2.0.0.0 - FSPS)
Ultimate Checklist 1.9.0.0 (HKLM-x32\...\Ultimate Checklist) (Version: 1.9.0.0 - FSPS)
Ultimate General: Civil War (HKLM\...\Steam App 502520) (Version: - Game-Labs)
Ultimate Traffic (HKLM-x32\...\F1UT2) (Version: 2 - Flight One Software)
Ultimate Traffic 2 Power Pack (HKLM-x32\...\F1UT2PP) (Version: 2.02 - Flight One Software)
Union Pacific 60' Coil Car Set 1.0.0 (HKLM-x32\...\Union Pacific 60' Coil Car Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Union Pacific Feather River 1984 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Union Pacific Feather River 1984) (Version: - )
Union Pacific Sherman Hill Beta (HKLM-x32\...\Union Pacific Sherman Hill Betav1.06.19.15a) (Version: v1.06.19.15a - 3DTrains)
Unity Web Player (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Video Downloader (x32 Version: 1.3.0 - RealNetworks) Hidden
VistaMare ViMaCore X (HKLM-x32\...\ViMaCore X) (Version: - )
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Washington State Grain Train Set 1.0.0 (HKLM-x32\...\Washington State Grain Train Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WSSS Singapore FSX (HKLM-x32\...\{F6CACDDB-E633-4EA8-B4E4-F502D78CFDF7}) (Version: 0.2.0 - Imagine Simulation)
WX Advantage Radar - Update 2 (HKLM-x32\...\{34F8E7A6-D39F-4AD4-B866-74BCFC1E5896}) (Version: 1.0.2016.0621 - MILVIZ - REX Game Studios, LLC.)
X-55 Rhino (HKLM\...\{1F5E0FC0-3811-40C9-9AB3-7358EFFDB3A4}) (Version: 7.0.41.10 - Mad Catz Inc)
ZSPD Shanghai 2014 FSX (HKLM-x32\...\{9AB038F0-8C73-424A-A560-5DDBE73A1743}) (Version: 0.2.0 - Imagine Simulation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058A7492-99B3-405C-88A6-588F9711710F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-15] (Microsoft Corporation)
Task: {0592332A-1656-4D5F-AB8F-918616F81A79} - System32\Tasks\Keyboard Updater Viewer => C:\Program Files (x86)\Keyboard Updater\KeyboardUpdater.exe <==== ATTENTION
Task: {096A7710-71D4-43C6-8395-7DC0FFC4FF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {2286A83B-1970-466F-A73F-29DE6A00019F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {25211B16-8DB3-4086-A5C1-334703BFBA42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {32602108-B553-4955-9383-7B8E62A2C2AD} - System32\Tasks\UpdateService => C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe <==== ATTENTION
Task: {3B0E084C-C431-445D-A6DF-4CB87AC718DF} - System32\Tasks\GPUSpeed => C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\run.vbs [2014-11-15] ()
Task: {3D6C7932-4E39-4E88-BE71-550EE9F1F7F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {518C51FB-7299-4753-B6FC-53E571EABAC7} - System32\Tasks\HPCeeScheduleForBuddy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {51C5F059-0101-4B39-B570-BCF1234828E6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {5860EBE5-2357-414D-92DA-454DE4058A79} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cbfirefighter@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5ED2FD7A-9EF2-4C0F-A049-ADA41A453D7D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {6B51AFAA-320D-4620-A408-FDF40FC0339E} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {6C94D10F-F357-4B37-ACBF-DDB3E071B700} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {7B06CEA7-4A6A-49B9-A377-02031B1F8A22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {7BF2B36E-D9C1-483C-96F1-9061CEF348EA} - System32\Tasks\Driver Booster SkipUAC (Buddy) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {84F9602C-1F6E-4A3A-A439-DA5622E397A0} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {877280A7-10BB-4DBB-B1C1-5F8D9B17A568} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {89E585CE-7C54-4430-8FBE-D8EF47F79CB4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {8EBD0E2C-9CED-466D-BF19-3438AC173F5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EDD31FE-F34C-484D-8B7A-2919CC90015E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {916C501C-8DD0-4C21-B2F3-12E12D7E7A0B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {96FF12C3-3C08-4B56-9664-1130217D45B2} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
Task: {980FC731-F73E-4040-A423-04F831E08DAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {A039F7C8-2ED7-4488-97AE-BD66ADD38680} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {B8272131-4B9C-4D03-9D32-7C72294DF090} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {B8F4A92C-65B4-4E81-B7FE-BD53A6E60680} - System32\Tasks\{085F7EC6-E889-47B4-9A4E-D1AA4E676665} => pcalua.exe -a "C:\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" -c /runtemp /addremove
Task: {BE10E1F4-844A-44DE-8428-8691AA2EA2A1} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C0397FC9-40DB-4DD0-9DD5-E4A42E77152A} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C11752F3-6B42-4EC4-BE17-2F1B802BC324} - no filepath
Task: {C28DD928-9CF7-4A7D-911E-21021099BCE4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {D29A6624-0927-45C4-9C31-337F72A9F8E6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {EBF969AD-DFDF-4D68-A527-E584ED7F5EC8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {F5B60CB9-F8D0-49C3-89DC-EEB890A92AB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {F6731E59-36A7-459F-80ED-E99AE3470BEF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\program files (x86)\real\realplayer\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.)
Task: {FC448FC1-098E-419A-A88E-DB0759F3B362} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBuddy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx\BackupRestore.lnk -> E:\Steam\steamapps\common\FSX\ORBX\Scripts\FTXCentral\Work\BackupRestore.bat ()
Shortcut: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSGenesis\FSGenesis BugTracker.lnk -> hxxp://www.fsgenesis.net/flyspray
Shortcut: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSGenesis\FSGenesis Forums.lnk -> hxxp://www.fsgenesis.net/forum
Shortcut: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSGenesis\FSGenesis Store.lnk -> hxxp://www.fsgenesis.com

==================== Loaded Modules (Whitelisted) ==============

2017-03-15 16:10 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-03-15 16:10 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2014-09-12 09:43 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2014-09-12 09:43 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2014-09-12 09:43 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2014-09-12 09:43 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2014-09-12 09:43 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:00934A10 [133]
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\0025.pics -> hxxp://i8mzz.watchmovies.0025.pics
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\123moviedownload.com -> www.123moviedownload.com

There are 7876 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2016-01-04 19:39 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-799792450-1319612783-380193225-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-799792450-1319612783-380193225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "GoPro Studio Importer"
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\StartupApproved\Run: => "DirectScan"
HKU\S-1-5-21-799792450-1319612783-380193225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-799792450-1319612783-380193225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DirectScan"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5181A3A4-D0DF-409C-9438-17EEBEC7EC37}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{E50FFBDF-E22C-468A-8302-B84270F70645}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{0AE12153-9030-4641-A41D-5508C42AD69A}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B0888CCB-89B3-4C22-87DA-B85FB80742E4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6CC8E0A0-7CEA-4476-AB42-C36A81E64705}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E7A0E439-F1CF-44F2-988F-15E1E8EEAD47}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9D28541-1353-493E-9CEF-F68A98A4D31D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D73FABD6-08D3-48A9-9415-9522A425A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ED82E29-8E27-42C0-BEBF-3A7774FB3DF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{8140A7E0-42F7-41F4-AF5A-B950508C5A69}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8E11ADBE-22CB-4726-9E89-CFB947F8CE83}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{4071FA56-FBE0-474D-A1CA-AF6EE0F67D1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B888F92-8387-4D59-97EF-95BC0C83764A}] => (Allow) LPort=2869
FirewallRules: [{5744481E-2BC3-45B1-92A7-729EA036FD80}] => (Allow) LPort=1900
FirewallRules: [{5A59DE3A-B052-4E36-B533-C9CDEF4320B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3027A9D6-7479-457C-85AC-9AE4DABF3512}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{148B68C8-AA35-4189-8CC9-D35F0D1969D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{33CD255A-DECB-4E0C-9CF9-99FF99D2466E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{7E8BD4B9-6F87-487A-86A6-1350ED53D5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{2C3E6A3A-D31B-4F3F-B020-CA35541E50A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{EEB216BF-04C6-4A45-A05C-34F9E6FA9054}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{98FC052F-4FD6-4683-B02E-1608F1EFC5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [TCP Query User{8949387A-640F-4F2A-925C-76EA30C06333}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{938CDC07-5B67-4AA5-9364-3A284FA26E13}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{9C4D818E-19E3-4AF2-9933-C18267CF0AE8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{3D1253C2-EEBE-49B3-BE34-CFAF88A1E868}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{621B51B8-CBD6-4751-A962-41C643A94042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41403454-C9EB-4C6A-8F49-2A57AFEAA94D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E949E53-BF66-454D-9801-D907A329E5B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{4409A616-7C9D-4658-841C-3115F5270682}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{D43D453D-626C-4942-8260-AC47A2144A8A}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{1613D331-2FD2-4784-93CC-D90BAA086AF8}] => (Allow) LPort=3333
FirewallRules: [{26DEA898-6BB6-4CF4-82D7-A2FEB4DF0F01}] => (Allow) LPort=44444
FirewallRules: [{078D6F8E-3AB9-47C1-AA5F-E2DC0DD15279}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [{07EE2F87-0271-49F3-BC11-295A92B84B3B}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [TCP Query User{040D88EB-BD80-42D8-BC28-97B83C8D39A1}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{3B28208E-655C-4A10-97D0-0A4FDDE73F4D}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{83BE2977-8ABB-4D0F-AA49-C6A696FAA619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE90B2C-0A2D-4056-BC13-CB8DED8EFFFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E5C5CF5-A2D4-4239-8005-2134B80B6996}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F2318C60-E64E-4BA3-AB0F-EF185439536B}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FAAA4945-FCBA-4CF7-A4A2-B62EC3A2E1B1}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6CDE7904-ED8E-488F-865A-18F28770CA63}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0FCF5FB6-29C4-4EDE-A928-9743ECD57103}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D8235D35-ECD8-4B22-B13F-2EC041862512}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{68F0FE8C-342F-4D9C-A474-4E1D8D862A93}] => (Allow) C:\Users\Buddy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7C8465F2-C19B-459A-AC81-2BD0C596E3A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CFD9D6B-9C38-4EE3-B9A7-5B0362087B42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A80BDC0C-6DF1-41B0-AF36-8466A6E0E2C8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{539B4ECF-4169-4420-9C98-88D23B1CE54F}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{04BB16A9-857F-4592-9CA3-3622AE3F8340}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{21E74AC2-68E4-4135-B539-77A35A0B317E}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7066292E-E56B-44B1-AC63-154EB1D07003}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C3D6321-3DF5-454E-A11F-D7C53D3A0DEB}] => (Allow) C:\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{AFE11258-5C6D-4325-8603-8723B0A7E867}] => (Allow) C:\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{335DAE83-D571-4BBA-B8CA-A75AD25EFCD3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{0AA5CD37-53B9-4051-B71C-496DF652657E}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{51101AF7-B78E-41D5-AEAE-CECF98A86E21}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F5F2915F-6EE8-4BE5-AE8F-655DF0766FB6}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{852E3154-9F8A-4401-97E9-D93F2446770B}] => (Allow) E:\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{921CBE04-FF39-4542-AC32-6D1861F9F99D}] => (Allow) E:\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{B86978A4-6BDC-4E21-8B06-A888BC3D0E46}] => (Allow) E:\Steam\steamapps\common\FSX\DLC\379542\REX 4 Texture Direct\rextexturedirect_se.exe
FirewallRules: [{CD37ED65-E137-4D2B-AF99-0D5D5367BA78}] => (Allow) E:\Steam\steamapps\common\FSX\DLC\379542\REX 4 Texture Direct\rextexturedirect_se.exe
FirewallRules: [{044D0184-E1EF-4AB2-A1B4-0BD4EB37CA65}] => (Allow) E:\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [{65CFFDDF-8C03-4FA7-A09F-227E4E03B7D8}] => (Allow) E:\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [TCP Query User{A68B4F61-2EAF-4DEC-B97E-C04D7B4BDAB6}E:\supertrafficboard\trafficboardfrontend.exe] => (Allow) E:\supertrafficboard\trafficboardfrontend.exe
FirewallRules: [UDP Query User{7E10362A-5133-4B89-B8EB-330C97D5E2C1}E:\supertrafficboard\trafficboardfrontend.exe] => (Allow) E:\supertrafficboard\trafficboardfrontend.exe
FirewallRules: [TCP Query User{ED36490E-1090-4763-8F15-E4CB4B636F5F}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{78CA755D-C5EC-4CE2-B2B0-EFF907A0A57E}C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\programdata\ccp\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [{43632C31-811C-42FC-BE49-07B447C5A04A}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone_x64.exe
FirewallRules: [{03F851F1-2CDF-470D-9A76-1FCEAA562EFB}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone.exe
FirewallRules: [{87E747C3-3814-47C4-8187-08C28EFCC282}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient.exe
FirewallRules: [{5A0A476D-0D7D-45C5-A27D-BBB1120944CE}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe
FirewallRules: [TCP Query User{9A30DF1B-7162-41CB-9FF9-A52A671DB0E9}E:\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) E:\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [UDP Query User{57C22055-C029-4F08-A96C-14770D29BBE9}E:\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) E:\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [TCP Query User{C4F8C877-AB2A-419D-93CE-5EB00E3AB4ED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9A8A7502-8568-4AE4-B2CD-BB31D2EE6A18}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{6FAB0FE7-831E-41E6-B947-031E20C89920}] => (Allow) E:\GameSpy Arcade\Aphex.exe
FirewallRules: [{714A36B4-D4A5-4963-8C94-6EF605A85853}] => (Allow) E:\GameSpy Arcade\Aphex.exe
FirewallRules: [{7EC159F0-DD64-42DA-A150-31485620EF26}] => (Allow) E:\Steam\steamapps\common\NASCAR 15\bin\NASCAR15.exe
FirewallRules: [{85CA314A-1B78-42DC-B8BE-36AB4A124F15}] => (Allow) E:\Steam\steamapps\common\NASCAR 15\bin\NASCAR15.exe
FirewallRules: [{79F3EACE-1C77-4378-B6B7-4E9A0D3C329B}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{AF069338-E609-4E89-BBAB-A21029793E2D}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{52C55E53-2C76-4074-BAF2-31C0209D8019}] => (Allow) E:\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe
FirewallRules: [{689A1034-DA99-4A62-A53B-505CC186B835}] => (Allow) E:\Steam\steamapps\common\Trucks & Trailers\bin\win_x86\trucks_n_trailers.exe
FirewallRules: [{94AD479E-5D99-495F-8DC0-5274F36FF2A4}] => (Allow) E:\Steam\steamapps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe
FirewallRules: [{03D67848-5C66-40D8-AED6-DD8D97A662B3}] => (Allow) E:\Steam\steamapps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe
FirewallRules: [{19CBA5AE-5724-4BB0-ABB7-80FFE138EA87}] => (Allow) E:\Steam\steamapps\common\f12013\F1_2013.exe
FirewallRules: [{AF72CA37-6B59-433E-87E6-D94B0A7F2539}] => (Allow) E:\Steam\steamapps\common\f12013\F1_2013.exe
FirewallRules: [{D87E6619-6153-43B5-9EB1-8FFC95275B06}] => (Allow) E:\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{DD30748A-B9CF-444D-9DFE-E3343CF3CD82}] => (Allow) E:\Steam\steamapps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{4E979168-ACD4-4F4B-B44A-1DA7886730B3}] => (Allow) E:\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{EAE97C63-6AE1-4E9D-89CD-115325FC03CF}] => (Allow) E:\Steam\steamapps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{060C42AE-CE70-4469-B42D-9A64343C9D5B}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator\eurotrucks.exe
FirewallRules: [{3F737E0B-5686-47E5-9270-DC3ED5A445D6}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator\eurotrucks.exe
FirewallRules: [{7408E760-5FA3-488C-8339-9FB990A7D355}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{BEBF9772-A5BA-460B-B1EA-A66B416B182F}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{EF15ECB4-7030-457F-8558-7EB68CB06466}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{5D6F8925-8A4B-4648-911F-3B8D30A0BE9A}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{6CBD85F4-E8EA-4029-9B82-980143890AEF}] => (Allow) E:\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe
FirewallRules: [{4DEDD44B-1445-49CA-A149-051ABAFBA3D8}] => (Allow) E:\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe
FirewallRules: [{EAB7934C-05B5-4EEA-A622-3FF6080240A0}] => (Allow) E:\Steam\steamapps\common\TSW\WindowsNoEditor\TS2Prototype.exe
FirewallRules: [{970F4F6A-FBFA-4B0C-928D-8B2B7BC983B3}] => (Allow) E:\Steam\steamapps\common\TSW\WindowsNoEditor\TS2Prototype.exe
FirewallRules: [TCP Query User{69C79DCD-A56B-4D36-BB8F-BF2B2B2DFBF8}E:\steam\steamapps\common\tsw\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) E:\steam\steamapps\common\tsw\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe
FirewallRules: [UDP Query User{D42D89A0-549D-4418-8FD6-4AA091326BEE}E:\steam\steamapps\common\tsw\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) E:\steam\steamapps\common\tsw\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe
FirewallRules: [{27A13A44-71E8-41CA-9065-96DF9ADCF566}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{769E8017-38D0-4B54-9299-8A0D157EE94E}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D5A8BC65-4394-4C8B-9B6E-B116A968713A}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{E0A5669F-37CB-406C-B966-2E3FD47701E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BE798362-FBBE-4C50-A508-128BE1DDFA52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3A85D22B-70B3-4A76-BAEB-B3B8D72419EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C6D15B1E-6EDC-4FCC-B0FD-3BE527BB5F01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62822125-1407-48BE-9457-AFCC98E150BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F2CEEE4-F23E-4CCF-8B98-43A15FBFB7BD}] => (Allow) E:\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe
FirewallRules: [{3648C597-CECA-49B4-A932-FDC3D01C788A}] => (Allow) E:\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe
FirewallRules: [{4CA725CE-6846-459E-83E7-FDD6597F249F}] => (Allow) E:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{A0F8660E-CC43-4EC8-87AE-126D17228F92}] => (Allow) E:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{E894FD69-7F5C-476D-9330-2BBEAFA43921}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{213EA0A7-018E-4874-B866-8958CB04CC75}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{A16AAEE3-6E4C-484D-B089-19C1ACD5A8A1}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{40AF5E0C-5CFF-45BB-A3CC-7294CC0BFACC}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{8A05E68C-A455-4E34-B4D4-E384C9E449D7}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{854EBC2D-485E-40F1-820A-11FA4F5B27EB}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [TCP Query User{A40E47C4-7FF5-4A2E-A904-BF8DD6299B2A}E:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) E:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{1C9F9906-9BE5-4721-8633-48491D67C3D0}E:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) E:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{86AD4AE2-6A0B-4814-8D1E-AC766051CAEF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FFD01AE7-2671-4AB3-8086-ACB6EB834570}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{032DF090-BBCE-4754-A95D-7807DA85589C}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{CBE7EB9C-03C1-4ECC-83C3-831235ABEA10}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{BF4A0E24-501C-4D7B-92B9-D16506868AEE}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{93349EDF-541C-4143-AFD6-E55A1112E4DF}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{9C97F89D-061F-4E6A-B475-5F3F5A1D2E3E}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{DF04FE03-CAAD-45DD-A511-9CD29CCB5289}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{4117E0EB-5DA5-42F4-B5B0-3386ED241533}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{EC4D0F27-F660-44CB-B157-74A6601380D1}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{1B06A2F1-DF45-4CCA-8044-19DCCE0557E9}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [TCP Query User{11D4C44D-1611-4373-A0C1-71C0B2137F7F}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{7D250EE2-EF3C-4AAE-8168-684B1389F404}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{89B4A876-FE08-4F5C-86AC-A816E01729C6}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{5B5B0B4B-90EF-495A-9465-871D791D1FFB}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B7E831C0-5DF9-494F-9B3B-C78F7AACCE47}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{346847D7-0D25-4F2A-97E4-2E08B6B04B15}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{76D2A884-B8AA-4F3A-BD9A-9F0C5ABCE60B}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{5A7C8599-E941-43E8-AC5A-120DBD1B125F}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{F230227E-05BF-4006-9ED9-770FF3B64DEB}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{DCF74291-7C0B-46E4-8916-923973FF57A7}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{5F154F06-633B-49A7-9D86-E8857E4D7D1E}] => (Allow) E:\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [{8C1CAEB6-E9FC-4194-91A1-DAF7AFCA994C}] => (Allow) E:\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [TCP Query User{544930E2-E824-41F7-A4F0-ED90F9D21C95}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{8FED2A00-996A-4985-BFF6-BA31C8B23D2E}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{A37063E0-94A8-4009-A490-73709C7275EB}] => (Allow) LPort=53000
FirewallRules: [{012747F6-9BB3-4A54-8B91-62833AFC94F6}] => (Allow) LPort=52000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe] => Enabled:SwiApiMux

==================== Restore Points =========================

26-02-2017 00:07:14 Installed DirectX
15-03-2017 13:53:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (03/15/2017 04:00:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.


System errors:
=============
Error: (03/15/2017 04:39:08 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/15/2017 04:39:01 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:01 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2017 04:39:01 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/15/2017 04:38:48 PM) (Source: DCOM) (EventID: 10005) (User: I5MSTS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2017-02-26 09:29:00.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 09:29:00.225
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 09:28:59.636
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 19:12:18.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 19:12:18.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 19:12:17.405
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 02:54:09.696
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 02:54:09.212
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 02:54:08.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-23 16:06:33.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8147.3 MB
Available physical RAM: 6195.58 MB
Total Virtual: 8547.3 MB
Available Virtual: 6758.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.93 GB) (Free:98.49 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.76 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (GAMING) (Fixed) (Total:3725.9 GB) (Free:2878.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: 8CB69180)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CB9ADFE0)

Partition: GPT.

==================== End of Addition.txt ============================


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-03-15 16:39:59
-----------------------------
16:39:59.834 OS Version: Windows x64 6.3.9600
16:39:59.834 Number of processors: 4 586 0x2A07
16:39:59.834 ComputerName: I5MSTS UserName: Buddy
16:40:22.150 Initialize success
16:41:57.389 AVAST engine defs: 17030301
16:42:20.228 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000031
16:42:20.230 Disk 0 Vendor: ST4000DX001-1CE168 CC44 Size: 3815447MB BusType: 11
16:42:20.231 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000032
16:42:20.232 Disk 1 Vendor: ST1000DM003-9YN162 HP16 Size: 953869MB BusType: 11
16:42:20.413 Disk 1 MBR read successfully
16:42:20.414 Disk 1 MBR scan
16:42:20.417 Disk 1 unknown MBR code
16:42:20.418 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
16:42:20.436 Disk 1 scanning C:\WINDOWS\system32\drivers
16:42:34.239 Service scanning
16:42:58.599 Modules scanning
16:42:58.603 Disk 1 trace - called modules:
16:42:58.627 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys storahci.sys hal.dll
16:42:58.631 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe00164cdc550]
16:42:58.633 3 CLASSPNP.SYS[fffff801f758a170] -> nt!IofCallDriver -> [0xffffe001643cde50]
16:42:58.636 5 ACPI.sys[fffff801f7179c21] -> nt!IofCallDriver -> \Device\00000032[0xffffe001643cb060]
16:43:19.377 AVAST engine scan C:\WINDOWS
16:43:44.718 AVAST engine scan C:\WINDOWS\system32
16:47:47.402 AVAST engine scan C:\WINDOWS\system32\drivers
16:48:20.343 AVAST engine scan C:\Users\Buddy
17:29:01.635 AVAST engine scan C:\ProgramData
17:46:26.668 Disk 1 statistics 7407789/0/0 @ 1.18 MB/s
17:46:26.672 Scan finished successfully
18:18:32.055 Disk 1 MBR has been saved successfully to "C:\Users\Buddy\Desktop\MBR.dat"
18:18:32.058 The log file has been saved successfully to "C:\Users\Buddy\Desktop\aswMBR.txt"

Juliet
2017-03-16, 14:36
No idea what would cause the computer to randomly just shut off/down...

Please uninstall following programs:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) <= we can install the most current version later

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BitTorrent
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~~~~~~~~~~~~~~~~~~~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method Press the windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG


start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
C:\Users\Buddy\FlightBeam_Denver International - HD.reg
C:\Users\Buddy\FSDreamTeam_GSX.reg
C:\Users\Buddy\FSDreamTeam_XPOI.reg
C:\Users\Buddy\QualityWings_Ultimate 757 Collection.reg
2016-10-12 12:44 - 2005-01-27 18:44 - 0684032 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRun.exe
2016-10-12 12:44 - 2004-11-01 13:11 - 0577536 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRunGUI.dll
2016-08-01 11:32 - 2016-08-01 11:33 - 7850088 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\BingBarSetup-Partner.exe
2016-10-12 13:21 - 2003-08-13 19:05 - 0040960 _____ () C:\Users\Buddy\AppData\Local\Temp\comver.dll
2016-10-12 13:54 - 2005-01-27 18:44 - 0335872 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\eauninstall.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0186280 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\lowproc.exe
2016-10-12 13:54 - 2004-12-10 14:02 - 0073728 _____ (EA) C:\Users\Buddy\AppData\Local\Temp\NASCAR SimRacing_uninst.exe
2016-06-21 12:42 - 2017-01-20 08:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll
2016-06-21 12:42 - 2017-01-20 08:07 - 0872088 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll
2016-08-22 10:24 - 2017-01-20 08:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe
2016-10-07 11:02 - 2016-11-17 07:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetry.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-04 22:25 - 2016-10-04 22:25 - 1190832 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup0.exe
2016-12-16 17:24 - 2016-12-16 17:24 - 1191856 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup1.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0096496 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\stubhelper.dll
2016-10-04 13:39 - 2016-10-04 13:39 - 0065280 _____ () C:\Users\Buddy\AppData\Local\Temp\utils.dll
2017-01-04 04:34 - 2017-01-04 04:34 - 7194312 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\vcredist_x64_vs2013.exe
2016-08-01 11:22 - 2016-08-01 10:46 - 0455600 _____ (Macrovision Corporation) C:\Users\Buddy\AppData\Local\Temp\_is4B4.exe
Task: {0592332A-1656-4D5F-AB8F-918616F81A79} - System32\Tasks\Keyboard Updater Viewer => C:\Program Files (x86)\Keyboard Updater\KeyboardUpdater.exe <==== ATTENTION
Task: {32602108-B553-4955-9383-7B8E62A2C2AD} - System32\Tasks\UpdateService => C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe <==== ATTENTION
Task: {84F9602C-1F6E-4A3A-A439-DA5622E397A0} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {96FF12C3-3C08-4B56-9664-1130217D45B2} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
Task: {BE10E1F4-844A-44DE-8428-8691AA2EA2A1} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C0397FC9-40DB-4DD0-9DD5-E4A42E77152A} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C11752F3-6B42-4EC4-BE17-2F1B802BC324} - no filepath
AlternateDataStreams: C:\ProgramData\Temp:00934A10 [133]
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
C:\Program Files (x86)\IObit
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~``

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

cbff33
2017-03-16, 16:00
I did the first step and uninstalled java. And then when i try to access this forum with computer, i can no longer access site to be able to copy and paste the text you needed me too!

cbff33
2017-03-16, 16:29
disregard my last post. #3. got it working. proceeding now

cbff33
2017-03-16, 16:47
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Buddy (16-03-2017 09:31:22) Run:2
Running from C:\Users\Buddy\Desktop
Loaded Profiles: Buddy (Available Profiles: Buddy)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
C:\Users\Buddy\FlightBeam_Denver International - HD.reg
C:\Users\Buddy\FSDreamTeam_GSX.reg
C:\Users\Buddy\FSDreamTeam_XPOI.reg
C:\Users\Buddy\QualityWings_Ultimate 757 Collection.reg
2016-10-12 12:44 - 2005-01-27 18:44 - 0684032 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRun.exe
2016-10-12 12:44 - 2004-11-01 13:11 - 0577536 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\AutoRunGUI.dll
2016-08-01 11:32 - 2016-08-01 11:33 - 7850088 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\BingBarSetup-Partner.exe
2016-10-12 13:21 - 2003-08-13 19:05 - 0040960 _____ () C:\Users\Buddy\AppData\Local\Temp\comver.dll
2016-10-12 13:54 - 2005-01-27 18:44 - 0335872 _____ (Electronic Arts Inc.) C:\Users\Buddy\AppData\Local\Temp\eauninstall.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0186280 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\lowproc.exe
2016-10-12 13:54 - 2004-12-10 14:02 - 0073728 _____ (EA) C:\Users\Buddy\AppData\Local\Temp\NASCAR SimRacing_uninst.exe
2016-06-21 12:42 - 2017-01-20 08:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll
2016-06-21 12:42 - 2017-01-20 08:07 - 0872088 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll
2016-08-22 10:24 - 2017-01-20 08:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe
2016-10-07 11:02 - 2016-11-17 07:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetry.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-07 11:02 - 2017-01-05 19:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-04 22:25 - 2016-10-04 22:25 - 1190832 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup0.exe
2016-12-16 17:24 - 2016-12-16 17:24 - 1191856 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\rnsetup1.exe
2016-10-01 11:20 - 2016-11-13 09:57 - 0096496 _____ (RealNetworks, Inc.) C:\Users\Buddy\AppData\Local\Temp\stubhelper.dll
2016-10-04 13:39 - 2016-10-04 13:39 - 0065280 _____ () C:\Users\Buddy\AppData\Local\Temp\utils.dll
2017-01-04 04:34 - 2017-01-04 04:34 - 7194312 _____ (Microsoft Corporation) C:\Users\Buddy\AppData\Local\Temp\vcredist_x64_vs2013.exe
2016-08-01 11:22 - 2016-08-01 10:46 - 0455600 _____ (Macrovision Corporation) C:\Users\Buddy\AppData\Local\Temp\_is4B4.exe
Task: {0592332A-1656-4D5F-AB8F-918616F81A79} - System32\Tasks\Keyboard Updater Viewer => C:\Program Files (x86)\Keyboard Updater\KeyboardUpdater.exe <==== ATTENTION
Task: {32602108-B553-4955-9383-7B8E62A2C2AD} - System32\Tasks\UpdateService => C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe <==== ATTENTION
Task: {84F9602C-1F6E-4A3A-A439-DA5622E397A0} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {96FF12C3-3C08-4B56-9664-1130217D45B2} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
Task: {BE10E1F4-844A-44DE-8428-8691AA2EA2A1} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C0397FC9-40DB-4DD0-9DD5-E4A42E77152A} - \SmartComp Safe Network Viewer -> No File <==== ATTENTION
Task: {C11752F3-6B42-4EC4-BE17-2F1B802BC324} - no filepath
AlternateDataStreams: C:\ProgramData\Temp:00934A10 [133]
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
C:\Program Files (x86)\IObit
EmptyTemp:
Hosts:
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2 => key not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2 => key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\Buddy\FlightBeam_Denver International - HD.reg => moved successfully
C:\Users\Buddy\FSDreamTeam_GSX.reg => moved successfully
C:\Users\Buddy\FSDreamTeam_XPOI.reg => moved successfully
C:\Users\Buddy\QualityWings_Ultimate 757 Collection.reg => moved successfully
C:\Users\Buddy\AppData\Local\Temp\AutoRun.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\AutoRunGUI.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\BingBarSetup-Partner.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\comver.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\eauninstall.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\lowproc.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\NASCAR SimRacing_uninst.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\NvTelemetry.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI32.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\NvTelemetryAPI64.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\rnsetup0.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\rnsetup1.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\stubhelper.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\utils.dll => moved successfully
C:\Users\Buddy\AppData\Local\Temp\vcredist_x64_vs2013.exe => moved successfully
C:\Users\Buddy\AppData\Local\Temp\_is4B4.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0592332A-1656-4D5F-AB8F-918616F81A79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0592332A-1656-4D5F-AB8F-918616F81A79} => key removed successfully
C:\WINDOWS\System32\Tasks\Keyboard Updater Viewer => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Keyboard Updater Viewer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32602108-B553-4955-9383-7B8E62A2C2AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32602108-B553-4955-9383-7B8E62A2C2AD} => key removed successfully
C:\WINDOWS\System32\Tasks\UpdateService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84F9602C-1F6E-4A3A-A439-DA5622E397A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84F9602C-1F6E-4A3A-A439-DA5622E397A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartComp Safe Network Viewer => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96FF12C3-3C08-4B56-9664-1130217D45B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96FF12C3-3C08-4B56-9664-1130217D45B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Driver Updater Schedule => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE10E1F4-844A-44DE-8428-8691AA2EA2A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE10E1F4-844A-44DE-8428-8691AA2EA2A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartComp Safe Network Viewer => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0397FC9-40DB-4DD0-9DD5-E4A42E77152A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0397FC9-40DB-4DD0-9DD5-E4A42E77152A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartComp Safe Network Viewer => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C11752F3-6B42-4EC4-BE17-2F1B802BC324} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C11752F3-6B42-4EC4-BE17-2F1B802BC324} => key removed successfully
C:\ProgramData\Temp => ":00934A10" ADS removed successfully.
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
C:\Program Files (x86)\IObit => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50006714 B
Java, Flash, Steam htmlcache => 412418064 B
Windows/system/drivers => 602896237 B
Edge => 0 B
Chrome => 254790811 B
Firefox => 19198703 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 1427456 B
LocalService => 0 B
NetworkService => 130957600 B
Buddy => 1961359315 B
UpdatusUser => 0 B

RecycleBin => 50178882594 B
EmptyTemp: => 49.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:34:27 ====

cbff33
2017-03-16, 17:08
# AdwCleaner v6.044 - Logfile created 16/03/2017 at 09:57:46
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-15.2 [Local]
# Operating System : Windows 8.1 (X64)
# Username : Buddy - I5MSTS
# Running from : C:\Users\Buddy\Desktop\AdwCleaner (1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Buddy\Documents\Smart Driver Updater
[-] Folder deleted: C:\ProgramData\Uniblue
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue


***** [ Files ] *****

[-] File deleted: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default\invalidprefs.js
[-] File deleted: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default\searchplugins\search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\driverscanner
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\driverscanner
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Smart Driver Updater
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Smart Driver Updater
[-] Key deleted: HKLM\SOFTWARE\SecureWeb
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Smart Driver Updater
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
[-] Value deleted: HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Interstat]
[#] Value deleted on reboot: HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [InterStat]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5518 Bytes] - [16/03/2017 09:57:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [5481 Bytes] - [16/03/2017 09:52:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [5554 Bytes] - [16/03/2017 09:54:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5737 Bytes] ##########

cbff33
2017-03-16, 17:17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 8.1 x64
Ran by Buddy (Administrator) on Thu 03/16/2017 at 10:05:11.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\search.xml (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Buddy) (Task)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BD59B51-BF68-424C-AB94-97D5E2BF4112} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7BD59B51-BF68-424C-AB94-97D5E2BF4112} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/16/2017 at 10:11:33.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cbff33
2017-03-16, 17:18
all requested steps completed.

Juliet
2017-03-16, 21:58
yes!

Since you already have Malwarebytes Anti-Malware onboard let's update and run a new scan


Open Malwarebytes Anti-Malware
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
http://i24.photobucket.com/albums/c30/ken545/MBAM3_zpsw0f8rn9n.jpg

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review


Exit Malwarebytes


Seeing any improvements on the computer?

cbff33
2017-03-16, 22:36
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2017
Scan Time: 3:01 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.16.07
Rootkit Database: v2017.03.11.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Buddy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377016
Time Elapsed: 24 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.AdvancedSystemCare, C:\Users\Buddy\AppData\Roaming\IObit\Advanced SystemCare, , [6c4befdb198fae88be24fc24dc26a55b],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader, , [b007e2e86840c472ad3c64bf9d656e92],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\db4, , [b007e2e86840c472ad3c64bf9d656e92],

Files: 5
PUP.Optional.AdvancedSystemCare, C:\Users\Buddy\AppData\Roaming\IObit\Advanced SystemCare\Main.ini, , [6c4befdb198fae88be24fc24dc26a55b],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\db4Downloader.log, , [b007e2e86840c472ad3c64bf9d656e92],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\Downloader.log, , [b007e2e86840c472ad3c64bf9d656e92],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\db4\IObit Uninstaller.exe, , [b007e2e86840c472ad3c64bf9d656e92],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\db4\IObit Uninstaller.exe.dat, , [b007e2e86840c472ad3c64bf9d656e92],

Physical Sectors: 0
(No malicious items detected)


(end)

cbff33
2017-03-16, 22:38
Computer is behaving properly now. It has been running for a number of hours with no repeat of the auto shutdown and instant reboot. Went ahead and loaded the system also with various graphic intensive games to ensure I wasn't having a hardware problem of any type.

I think we are good to go now for a couple more years.

Thank you for your help.

Should I now install the most recent Java?

Juliet
2017-03-17, 13:04
This should be the last scan we need to do.


Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply

===============

How is your computer now?

Juliet
2017-03-22, 12:03
still with me?

Juliet
2017-03-24, 01:30
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.