Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019 Ran by ming2 (administrator) on DESKTOP-KA7J4FM (ASUSTeK COMPUTER INC. G752VSK) (14-07-2019 21:02:43) Running from C:\Users\ming2\Downloads Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator) Platform: Windows 10 Home Single Language Version 1803 17134.407 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (A-Volute -> ) C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe (BitTorrent Inc -> BitTorrent Inc.) C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe (Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CyberLink Corp. 
-> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Gaijin Network LTD -> Gaijin Entertainment) C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Huawei Technologies Co., Ltd. 
-> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe (McAfee, Inc. -> Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, Inc.) 
C:\Program Files\mcafee\WebAdvisor\uihost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\ming2\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileCoAuth.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\ming2\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\SysWOW64\UMonit64.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA 
Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) D:\STM\Steam.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => %ProgramFiles%\Windows Defender\MSASCuiL.exe HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [1143312 2016-11-11] (A-Volute -> ) HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [utweb] => C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe [5116600 2018-02-21] (BitTorrent Inc -> BitTorrent Inc.) 
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) [File not signed] HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Steam] => D:\STM\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [movavi_videoconverter_agent] => C:\Users\ming2\AppData\Roaming\Movavi Video Converter 19 Premium\ConverterAgent.exe HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-04-18] (Gaijin Network LTD -> Gaijin Entertainment) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Gaijin.Net Agent] => C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-04-18] (Gaijin Network LTD -> Gaijin Entertainment) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. 
-> ASUSTek Computer Inc) HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\MountPoints2: {50974999-c377-11e8-902e-cc2f713c3939} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [vidc.xtor] => C:\WINDOWS\system32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] HKLM\...\Drivers32: [vidc.xtor] => C:\WINDOWS\System32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-03] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {006FA409-1DB1-4634-BB1B-590C6F22B25E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. 
-> AVAST Software) Task: {06970E83-BF59-4DE2-8C08-FD7BC12EACF6} - System32\Tasks\SS2Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe [2573312 2016-11-11] () [File not signed] Task: {0704FF8C-C053-4D38-AF8D-FA762A2637FF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1CD936A5-C436-4291-A535-70B7BDFDCC10} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation) Task: {2003E7BA-1A5E-4FF0-AD5A-C7305B05060E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {22EFDDE5-50E8-41D3-9AC5-6D534DA88F66} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) Task: {24740FFA-9EE2-44CE-AE42-06D4BE3B1E97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {27F5DF75-84CE-4DDF-B742-5C3E6C6DB942} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1542080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {29992AC6-C3D2-4CEC-8924-7186C2F4112A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe [42190848 2016-06-13] (SplitmediaLabs Limited -> SplitmediaLabs) Task: {2B6F9ECE-525C-48ED-B6D8-7F9B8E01B4D1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) Task: {339A8D80-E4AF-476D-BCD0-6CC1AD948A1D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24222880 2018-11-15] (Microsoft Corporation -> Microsoft Corporation) Task: {37E0674B-9C13-4A84-A218-71F8D7330C81} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {427AC9FC-DDF5-4DB0-B637-C7B81D39BAA6} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [62016 2017-08-03] (Microsoft Windows Hardware Compatibility Publisher -> ) Task: {46F6A6A1-EA3E-49A4-ABDF-9F7DC2482508} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4A123D6D-E19E-441C-BCD8-AB908F31DF21} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.3.50\WSCStub.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation) Task: {4D9FBF95-45BA-4CE8-A1B0-A45D393E4240} - System32\Tasks\ASUS ROG Macro Key Listener => C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe [516000 2016-03-24] (ASUSTeK Computer Inc. -> ASUS) Task: {4EC29BD8-2823-4652-872A-2614A12EE8EE} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {50C04686-FE40-4976-8CA5-B8A20E0B8DFC} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation) Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION Task: {547EA1C0-657C-4A6D-BA72-AC72A8D6BFA6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [440544 2016-05-17] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {554A65E9-CEAA-44B3-8C9C-7FD8F6CF5BFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-04] 
(Google Inc -> Google Inc.) Task: {5F818B96-0CA3-4B41-A403-D9597B6F6825} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe Task: {6E28355A-06EE-4F95-A375-A0301606A8F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2298256 2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Task: {71A63D57-8ECF-4F97-A86E-C856A6CA2235} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [3855544 2016-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {71C8CAA2-4682-4B93-8D27-244C4706DC04} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [1143312 2016-11-11] (A-Volute -> ) Task: {73C05A41-FFC9-432F-9514-826E30DF3FA5} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. 
-> ASUSTek Computer Inc) Task: {77DF86BC-4AE9-49F4-AE40-0C5BCB620D50} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7EC889D9-D831-4A5B-9921-BB56FE03BE79} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F4BAC96-BBA7-4A33-BB72-ED7AB5801442} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation) Task: {800DAD31-7813-4565-90FD-2B4CEC66AA9A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808 2016-10-13] (ASUS) [File not signed] Task: {81D299C9-F5C8-486E-926A-B3689600D254} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [1897184 2016-05-17] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {895A6FC2-87F1-4955-B3A7-FF1FE1DB6768} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {89862666-77ED-472E-B5FE-243E1A3D1ACC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {8B30E3F8-3A5A-4A28-A2A8-11C25475FF31} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. 
-> ASUSTek Computer Inc.) Task: {94F78AB9-59C2-4564-B9F4-7FA6684D60A0} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3589471471-3968619273-1564904599-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation) Task: {9A407403-2F30-4613-AEF5-2D6A3473727B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-04] (Google Inc -> Google Inc.) Task: {9EDFA1BF-4EBB-4069-BFB9-A8C839FDCB1F} - System32\Tasks\SS2Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe [259072 2016-11-11] () [File not signed] Task: {A087754D-9508-44DD-9499-1494BA5E928D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123200 2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Task: {A0F57D1E-E66E-49AA-B582-58B4C2A3A052} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {A5424974-8C2E-40BC-B2B3-5398212984EC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: {A9EBEFF5-91B7-42A1-9934-38C42B9A5DCE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24222880 2018-11-15] (Microsoft Corporation -> Microsoft Corporation) Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION Task: {B325E479-D54F-434F-9B87-641989D38F49} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [440544 2016-05-17] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: 
{B649DCDA-C465-4A6F-8791-5F9437BC7333} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {C930195F-41E6-484F-BCA4-F8C67C97B8CE} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1473032 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {CB17402D-849B-488A-9FB2-54E15AC1849D} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1579296 2016-11-09] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed] Task: {D20A59B4-8332-49C4-AB5C-A870144BA674} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2298256 2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D39C2DF6-5E9C-47FD-983B-AB2FB8932CAE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation) Task: {D4C1438E-F72B-447D-BC74-BADF09DFCB63} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123200 2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Task: {E69966FF-247B-4B99-AA7F-D5ECEEC74821} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [960448 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {ECA12F93-DC1C-4CF7-A256-13C17A955223} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA 
Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 Tcpip\..\Interfaces\{7e847706-107c-470a-a7d9-0507dd0c47a0}: [DhcpNameServer] 10.0.0.2 Tcpip\..\Interfaces\{b8e1759a-637a-4d42-87ef-26abff9e6ece}: [DhcpNameServer] 10.0.0.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225 HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms} SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180225__yaie&p={searchTerms} BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.) 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> 
Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File FireFox: ======== FF DefaultProfile: crw27yce.default FF ProfilePath: C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default [2019-06-04] FF Homepage: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225 FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225 FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\sp@avast.com.xpi [2018-09-15] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json] FF Extension: (Avast Online Security) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\wrc@avast.com.xpi 
[2018-07-20] FF Extension: (Google Reverse Image Search) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2018-09-15] FF Extension: (Google Code Correction) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\features\{03601851-27e3-4939-9991-e20a31d73260}\google-code-correction@mozilla.org.xpi [2018-09-15] [Legacy] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-12] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-03-13] (CANON INC.) [File not signed] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-10-18] (Google) [File not signed] FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-15] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) Chrome: ======= CHR Profile: C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default [2019-07-14] CHR Extension: (Slides) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-04] CHR Extension: (Docs) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-04] CHR Extension: (Google Drive) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-04] CHR Extension: (MEGA) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-07-14] CHR Extension: (YouTube) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-04] CHR Extension: (Sheets) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-04] CHR Extension: (McAfee® WebAdvisor) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-05-09] CHR Extension: (Google Docs Offline) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03] CHR Extension: (Avast Online Security) - C:\Users\ming2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-03] CHR Extension: (Adaware Secure) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2019-04-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07] CHR Extension: (Gmail) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-09] CHR Extension: (Chrome Media Router) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-03] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R2 ASUS Rog Macro Key; C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe [492344 2015-07-03] (ASUSTeK Computer Inc. 
-> ASUS) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-11-20] (Microsoft Corporation -> Microsoft Corporation) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-08-23] (Huawei Technologies Co., Ltd. -> ) [File not signed] S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2397816 2017-04-04] (Intel Corporation - pGFX -> Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> ) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) R2 InterBaseGuardian; C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe [32768 2001-11-29] (Borland Software Corporation) [File not signed] R3 InterBaseServer; C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe [1769472 2001-11-29] (Borland Software Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-07-12] (McAfee, LLC -> McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc. -> McAfee, Inc.) 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> ) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe [933200 2019-06-20] (Symantec Corporation -> Symantec Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (McAfee, Inc. -> Intel Security, Inc.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] (CyberLink Corp. -> ) R3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-11-25] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) 
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel(R) Client Connectivity Division SW -> Intel Corporation) R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation -> Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-10] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe" [X] S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X] S3 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc [X] S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation) S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-12-03] (AVAST Software s.r.o. 
-> AVAST Software) S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-12-03] (AVAST Software s.r.o. -> AVAST Software) R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\BASHDefs\20190709.001\BHDrvx64.sys [1935880 2019-06-25] (Symantec Corporation -> Symantec Corporation) R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-15] (Symantec Corporation -> Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-16] (Symantec Corporation -> Symantec Corporation) S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [130920 2017-08-03] (Genesys Logic, Inc. -> GenesysLogic) R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUSTeK Computer Inc. -> ASUS) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) 
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-28] (Intel(R) Rapid Storage Technology -> Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\IPSDefs\20190712.061\IDSvia64.sys [1441800 2019-07-02] (Symantec Corporation -> Symantec Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation -> Intel Corporation) R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2016-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_45d4f41b93b9677a\nvlddmkm.sys [14461344 2017-06-14] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek Semiconductor Corp. 
-> Realtek ) R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSP64.SYS [864776 2019-06-20] (Symantec Corporation -> Symantec Corporation) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation) S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS -> SteelSeries ApS) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-06-16] (Symantec Corporation -> Symantec Corporation) S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.1.50\SymPlatform\SymEvnt.sys [712200 2019-06-26] (Symantec Corporation -> Symantec Corporation) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\symnets.sys [573448 2019-06-20] (Symantec Corporation -> Symantec Corporation) R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213216 2018-11-08] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [223000 2018-11-08] (Oracle Corporation -> Oracle Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] 
(Microsoft Windows -> Microsoft Corporation) S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\wpCtrlDrv.sys [1012120 2019-06-20] (Symantec Corporation -> Symantec Corporation) R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [54352 2016-08-18] (Intel Corporation -> Intel Corporation) U3 aswbdisk; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2099-09-08 08:07 - 2018-04-12 01:34 - 000098304 _____ (Microsoft Corporation) C:\Utilman.exe 2099-09-07 22:33 - 2117-09-07 23:42 - 000000000 ___DC C:\Users\Administrator\AppData\Local\CrashDumps 2099-09-07 22:33 - 2117-09-07 22:33 - 000000000 ___DC C:\Users\Administrator\AppData\Local\DBG 2099-09-07 22:29 - 2117-09-07 22:29 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Comms 2099-09-07 22:17 - 2117-09-07 22:17 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Sun 2099-09-07 22:17 - 2117-09-07 22:17 - 000000000 ___DC C:\Users\Administrator\AppData\LocalLow\Sun 2099-09-07 22:15 - 2117-09-07 23:41 - 000000182 ____C C:\Users\Administrator\AppData\Roaming\sp_data.sys 2099-09-07 22:14 - 2117-09-07 22:14 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups 2099-09-07 22:13 - 2117-09-07 22:13 - 000003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2099-09-07 22:13 - 2117-09-07 22:13 - 000000000 ___RD C:\Users\Administrator\OneDrive 2099-09-07 22:12 - 2117-09-07 22:30 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Packages 2099-09-07 22:12 - 2117-09-07 22:14 - 000000000 ___DC C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2099-09-07 22:12 - 2117-09-07 22:14 - 000000000 ____D C:\Users\Administrator 2099-09-07 22:12 - 2117-09-07 22:13 - 000002389 ____C 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2099-09-07 22:12 - 2117-09-07 22:12 - 000001417 ____C C:\Users\Administrator\Desktop\Microsoft Edge.lnk 2099-09-07 22:12 - 2117-09-07 22:12 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___RD C:\Users\Administrator\3D Objects 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Intel 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Canon 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Adobe 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\SS22.0.34 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Publishers 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\NVIDIA 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\MicrosoftEdge 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Google 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Crashpad 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ASUS GIFTBOX 2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ASUS 2019-07-14 21:02 - 2019-07-14 21:03 - 000051235 _____ C:\Users\ming2\Downloads\FRST.txt 2019-07-14 21:02 - 2019-07-14 21:02 - 000000000 ____D C:\FRST 2019-07-14 21:00 - 2019-07-14 21:01 - 002095104 _____ (Farbar) C:\Users\ming2\Downloads\FRST64.exe 2019-07-14 20:45 - 2019-07-14 20:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2019-07-14 17:52 - 2019-07-14 19:25 - 000000000 ___HD C:\$WINDOWS.~BT 
2019-07-12 21:29 - 2019-07-14 17:50 - 000000000 ___HD C:\$GetCurrent 2019-07-12 21:28 - 2019-07-14 18:01 - 000000000 ____D C:\Windows10Upgrade 2019-07-12 21:19 - 2019-07-12 21:19 - 000000000 ___DC C:\Users\ming2\AppData\Local\PackageStaging 2019-07-07 19:16 - 2019-07-14 19:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup 2019-07-07 19:11 - 2019-07-07 19:11 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2019-07-07 19:11 - 2019-07-07 19:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2019-07-03 16:20 - 2019-07-07 21:05 - 000000000 ____D C:\Program Files\Common Files\AV 2019-07-03 14:34 - 2019-07-04 00:45 - 000000000 ___HD C:\$SysReset 2019-06-16 18:23 - 2019-07-07 19:11 - 000002410 _____ C:\Users\Public\Desktop\Norton Security.lnk 2019-06-16 18:23 - 2019-06-16 18:23 - 000099848 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2019-06-16 18:23 - 2019-06-16 18:23 - 000008616 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2019-06-16 18:23 - 2019-06-16 18:23 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared 2019-06-16 18:22 - 2019-07-07 19:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2019-06-16 18:22 - 2019-06-16 18:23 - 000000000 ____D C:\Program Files\Norton Security 2019-06-16 18:22 - 2019-06-16 18:22 - 000000000 ____D C:\ProgramData\NortonInstaller 2019-06-16 18:22 - 2019-06-16 18:22 - 000000000 ____D C:\Program Files (x86)\NortonInstaller 2019-06-16 18:20 - 2019-06-16 18:28 - 000000000 ____D C:\ProgramData\Norton 2019-06-16 18:20 - 2019-06-16 18:20 - 000000000 ____D C:\Users\Public\Downloads\Norton 2019-06-15 18:24 - 2019-06-15 18:24 - 000000000 ____D C:\ProgramData\TSR7Settings 2019-06-15 18:06 - 2019-06-15 18:06 - 000065706 _____ C:\WINDOWS\system32\%diagtrack_action_output%dxdiag.txt 2019-06-15 18:06 - 2019-06-15 18:06 - 000000000 ____D C:\Users\ming2\OneDrive\Documents\FeedbackHub 2019-06-15 18:01 - 2019-07-14 20:43 - 
000000000 ___DC C:\Users\ming2\AppData\Local\PlaceholderTileLogoFolder ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2099-09-07 22:30 - 2018-07-05 20:28 - 000000000 ____D C:\ProgramData\Packages 2099-09-07 22:12 - 2017-09-08 20:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-14 20:11 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-07-14 20:07 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-14 20:00 - 2018-09-29 11:25 - 000761100 _____ C:\WINDOWS\system32\prfh0416.dat 2019-07-14 20:00 - 2018-09-29 11:25 - 000148248 _____ C:\WINDOWS\system32\prfc0416.dat 2019-07-14 20:00 - 2018-09-29 11:23 - 000775498 _____ C:\WINDOWS\system32\prfh0816.dat 2019-07-14 20:00 - 2018-09-29 11:23 - 000151752 _____ C:\WINDOWS\system32\prfc0816.dat 2019-07-14 20:00 - 2018-09-29 11:21 - 000789246 _____ C:\WINDOWS\system32\perfh00C.dat 2019-07-14 20:00 - 2018-09-29 11:21 - 000149092 _____ C:\WINDOWS\system32\perfc00C.dat 2019-07-14 20:00 - 2018-09-29 11:17 - 000785584 _____ C:\WINDOWS\system32\perfh00A.dat 2019-07-14 20:00 - 2018-09-29 11:17 - 000154772 _____ C:\WINDOWS\system32\perfc00A.dat 2019-07-14 20:00 - 2018-09-29 11:15 - 000703544 _____ C:\WINDOWS\system32\perfh01F.dat 2019-07-14 20:00 - 2018-09-29 11:15 - 000143920 _____ C:\WINDOWS\system32\perfc01F.dat 2019-07-14 20:00 - 2018-09-29 01:41 - 005349780 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-14 20:00 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-07-14 19:55 - 2018-02-04 16:26 - 000000182 ____C C:\Users\ming2\AppData\Roaming\sp_data.sys 2019-07-14 19:54 - 2019-02-18 00:52 - 000000000 ___HD C:\OneDriveTemp 2019-07-14 19:54 - 2018-02-04 16:25 - 000000000 ___RD C:\Users\ming2\OneDrive 2019-07-14 19:52 - 2018-09-29 01:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-07-14 19:52 - 2017-09-08 20:42 - 000000000 ____D C:\ProgramData\NVIDIA 2019-07-14 19:51 - 2018-04-11 23:04 - 
000786432 _____ C:\WINDOWS\system32\config\BBI 2019-07-14 19:33 - 2018-10-30 21:50 - 000000000 ____D C:\ivory 2019-07-14 19:30 - 2018-12-09 21:11 - 000000000 ___DC C:\Users\ming2\AppData\Roaming\uTorrent 2019-07-14 19:30 - 2018-02-25 22:47 - 000000000 ___DC C:\Users\ming2\AppData\Local\CrashDumps 2019-07-14 19:22 - 2018-09-29 01:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-07-14 19:02 - 2019-03-07 00:22 - 000000000 ____D C:\WINDOWS\Panther 2019-07-14 19:02 - 2018-09-29 01:39 - 000001908 _____ C:\WINDOWS\diagwrn.xml 2019-07-14 19:02 - 2018-09-29 01:39 - 000001908 _____ C:\WINDOWS\diagerr.xml 2019-07-14 18:01 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration 2019-07-14 17:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-07-14 17:52 - 2018-03-11 16:54 - 000000036 _____ C:\WINDOWS\progress.ini 2019-07-14 17:50 - 2018-03-09 23:52 - 000000733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk 2019-07-12 23:23 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-07-12 21:19 - 2018-02-04 16:23 - 000000000 ___DC C:\Users\ming2\AppData\Local\Packages 2019-07-12 21:18 - 2018-10-30 22:05 - 000000000 ___DC C:\Users\ming2\AppData\Local\ElevatedDiagnostics 2019-07-12 21:00 - 2018-09-29 01:39 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6C8E1341-1372-4261-A633-F6C028A0E18A} 2019-07-12 20:59 - 2018-09-29 01:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3589471471-3968619273-1564904599-1001 2019-07-12 20:59 - 2018-09-29 01:34 - 000002369 ____C C:\Users\ming2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-07 21:01 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-07-07 19:24 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-07-03 14:39 - 2018-03-16 16:00 - 000000000 ____D C:\ProgramData\CanonIJPLM 2019-07-03 14:32 - 2018-02-04 20:18 - 000002303 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-03 14:32 - 2018-02-04 20:18 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-16 23:46 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-06-16 17:52 - 2019-02-26 18:39 - 000000000 ___DC C:\Users\ming2\AppData\Local\BitTorrentHelper

==================== Files in the root of some directories ================

2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files\8f82c851.log
2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files (x86)\8f82c851.log
2018-02-04 16:26 - 2019-07-14 19:55 - 000000182 ____C () C:\Users\ming2\AppData\Roaming\sp_data.sys
2018-02-08 07:07 - 2018-02-26 15:55 - 001065984 ____C () C:\Users\ming2\AppData\Local\file__0.localstorage

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. ->

==================== End of FRST.txt ============================