Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by Winson (administrator) on LAPTOP-A0CN7GOR (ASUSTeK COMPUTER INC. GL503VD) (01-08-2019 23:10:37)
Running from C:\Users\Winson\Documents\FSRT
Loaded Profiles: Winson & SQLTELEMETRY & DefaultAppPool (Available Profiles: Winson & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool)
Platform: Windows 10 Home Single Language Version 1809 17763.503 (X64) Language: English (United States)
Default browser: "C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK COMPUTER INC.)
[File not signed] C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\IntelCpHeciSvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft 
Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Monotype Imaging Inc. -> Monotype Imaging Inc.) C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] 
C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1923008 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1233920 2017-11-15] (ASUSTeK COMPUTER INC.) 
[File not signed] HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-07-17] (AVAST Software s.r.o. -> AVAST Software) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Run: [GoogleChromeAutoLaunch_CD4000C31A87C4AB51AF348EE25F0D6B] => C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe [1527808 2018-09-18] (The Chromium Authors) [File not signed] HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Policies\Explorer: [NoSecurityTab] 1 HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] 
(Bandicam Company -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2019-07-17] ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GameFirstIVstart.lnk [2018-07-16] ShortcutTarget: GameFirstIVstart.lnk -> C:\Program Files (x86)\ASUS\GameFirst IV\startGameFirstIV.bat () [File not signed] CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {3C59A376-99EE-4F3A-9968-713C9866D7C3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {3EC64BBD-734F-4EE0-A19F-E542CC7F8452} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2038320 2019-07-17] (AVAST Software s.r.o. -> AVAST Software) Task: {46C98367-C989-4012-8608-BB92CF350869} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.26323.1 => D:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VSIXAutoUpdate.exe [179320 2018-08-31] (Microsoft Corporation -> Microsoft Corporation) Task: {6A453A82-BCDC-449A-8ACD-C7CAD7A601DD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-08-01] (AVAST Software s.r.o. 
-> AVAST Software) Task: {6FB1A672-722C-44D6-AD0F-2E7F0B97AEF1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Task: {71940D5A-37C6-47FF-93ED-63FCBDAEC2D3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {826D7383-1261-4B53-B4A8-1F768210CAC6} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2017-11-15] (ASUSTeK COMPUTER INC.) [File not signed] Task: {9AB5CC6B-766F-4163-885A-BF0D0A147D6D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {9ADF4456-0DBA-496C-8F41-EE1991487D1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4544064 2019-07-02] (Microsoft Corporation -> Microsoft Corporation) Task: {9BCAB8FA-ECD1-40BE-8E63-6CE6F1E0223C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {A4D6CC94-DFC2-47EC-9B99-65E8E90BD1E1} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1233920 2017-11-15] (ASUSTeK COMPUTER INC.) 
[File not signed] Task: {C2672ACC-9163-4E11-987F-05DB5253D507} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4544064 2019-07-02] (Microsoft Corporation -> Microsoft Corporation) Task: {CEF949A7-C7DC-451F-8B41-0A6882C34D3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) Task: {EDF6097A-44C8-47D0-8CDA-AFF39E0A59EB} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-08-01] (AVAST Software s.r.o. -> AVAST Software) Task: {FAB428A3-1FED-4583-B605-E70A386FBE43} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-14] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{35ce3b9b-4f22-435e-b3d5-ba2372cd10b5}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{46da4a2b-0c57-437f-9856-d877d513c0e0}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{94248808-2af2-4dd8-a74b-6cda7b3e75ef}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131792477834330418&GUID=0E7B2988-E14A-4590-9E0A-CF93EAE31AB2 HKU\S-1-5-21-2804506713-796569667-501129852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717 HKU\S-1-5-21-2804506713-796569667-501129852-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2804506713-796569667-501129852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2804506713-796569667-501129852-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2804506713-796569667-501129852-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft 
Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation) Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File FireFox: ======== FF DefaultProfile: vwtqtef6.default FF ProfilePath: C:\Users\Winson\AppData\Roaming\Mozilla\Firefox\Profiles\vwtqtef6.default [2019-07-17] FF Homepage: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717 FF NewTab: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717 FF Extension: (Avast SafePrice) - C:\Users\Winson\AppData\Roaming\Mozilla\Firefox\Profiles\vwtqtef6.default\Extensions\sp@avast.com.xpi [2019-07-17] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json] FF Extension: (Avast Online Security) - C:\Users\Winson\AppData\Roaming\Mozilla\Firefox\Profiles\vwtqtef6.default\Extensions\wrc@avast.com.xpi 
[2019-07-17] FF Extension: (Adblock Plus) - C:\Users\Winson\AppData\Roaming\Mozilla\Firefox\Profiles\vwtqtef6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-25] FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{E55C9A17-39B3-4F0A-9546-2E85FE620BE8}.xpi [2019-07-17] [not signed] FF HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\Winson\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox FF Extension: (Youdao Word Capturer) - C:\Users\Winson\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox [2018-05-15] [Legacy] [not signed] FF HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Firefox\Extensions: [capturetext@dict.cn] - C:\Program Files (x86)\dict.cn\Dict4\CaptureText2.0\firefox FF Extension: (Haici dictionary capture text) - C:\Program Files (x86)\dict.cn\Dict4\CaptureText2.0\firefox [2019-05-23] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-15] (Adobe Systems Incorporated -> ) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-05-19] (Adobe Inc. 
-> Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-15] (Adobe Systems Incorporated -> ) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-05-19] (Adobe Inc. 
-> Adobe Systems) Chrome: ======= CHR Profile: C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default [2019-07-17] CHR Extension: (Slides) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-18] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2019-07-17] CHR Extension: (Docs) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-18] CHR Extension: (Google Drive) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-18] CHR Extension: (YouTube) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-18] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-05-03] CHR Extension: (Session Buddy) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2019-04-15] CHR Extension: (Tabs Outliner) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2019-04-15] CHR Extension: (Sheets) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-18] CHR Extension: (Avast Online Security) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-06-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14] CHR Extension: (Gmail) - C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-03] CHR Extension: (Chrome Media Router) - 
C:\Users\Winson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm CHR HKU\S-1-5-21-2804506713-796569667-501129852-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pdamflejgcfdmdabfkenohjgkiebolka] - C:\Program Files (x86)\dict.cn\Dict4\CaptureText2.0\CaptureText.crx [2019-05-23] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-05-19] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-29] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-07-17] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-07-17] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [367728 2019-07-17] (AVAST Software s.r.o. 
-> AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-07-17] (AVAST Software s.r.o. -> AVAST Software) R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-08-01] (AVAST Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation) S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> ) R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [273880 2017-10-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-10] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation) S4 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-13] (Intel(R) Wireless Connectivity Solutions -> ) R2 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [31744 
2017-09-12] (ASUSTeK COMPUTER INC.) [File not signed] R2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [73736 2019-02-15] (Monotype Imaging Inc. -> Monotype Imaging Inc.) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation -> Microsoft Corporation) S3 wampapache64; c:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe [29696 2018-09-19] (Apache Software Foundation) [File not signed] S3 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.3.9\bin\mysqld.exe [15788968 2018-08-14] (MariaDB Corporation Ab -> ) S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.23\bin\mysqld.exe [39626752 2018-06-08] () [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-05-12] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-13] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-11-15] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [100752 2017-08-16] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-07-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549416 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2019-07-17] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387896 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-09] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2017-05-03] (ASUSTeK Computer Inc. -> ASUS)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-10] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37912 2017-04-18] (Intel Corporation -> Intel Corporation)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2017-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_9b1341e92276ee7c\nvlddmkm.sys [17213616 2018-10-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-04-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-12] (Realtek Semiconductor Corp. -> Realtek )
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation -> Intel Corporation)
R2 aswMonFlt; system32\drivers\aswMonFlt.sys [X]
R2 aswStm; system32\drivers\aswStm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 14:33 - 2019-07-20 05:18 - 023855104 _____ C:\WINDOWS\system32\config\system.oem
2019-08-01 23:10 - 2019-08-01 23:10 - 000000000 ____D C:\Users\Winson\Documents\FSRT
2019-08-01 23:06 - 2019-08-01 23:06 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2019-08-01 23:06 - 2019-08-01 23:06 - 000000000 ____D C:\Users\DefaultAppPool
2019-08-01 23:06 - 2018-09-15 15:29 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-01 22:40 - 2019-08-01 22:40 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-08-01 22:40 - 2019-08-01 22:40 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5e9c5fc8d0d38ffc.tmp
2019-08-01 22:40 - 2019-08-01 22:40 - 000168896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc7a99de7a98d29e7.tmp
2019-08-01 22:35 - 2019-08-01 22:35 - 000456104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-24 16:10 - 2019-07-20 11:16 - 000262144 _____ C:\WINDOWS\system32\config\system.backup
2019-07-24 16:05 - 2019-07-24 16:07 - 000000000 ____D C:\WINDOWS\system32\config\test
2019-07-22 08:30 - 2019-07-22 08:31 - 000000000 ____D C:\WINDOWS\system32\config\backup
2019-07-19 15:16 - 2019-07-24 15:53 - 000000000 _____ C:\Recovery.txt
2019-07-19 05:36 - 2019-08-01 23:10 - 000000000 ____D C:\FRST
2019-07-18 23:53 - 2019-07-18 23:53 - 000338386 _____ C:\WINDOWS\ntbtlog.txt
2019-07-18 10:54 - 2019-07-18 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-17 22:19 - 2019-07-17 22:19 - 000004012 _____ C:\WINDOWS\System32\Tasks\Avast Cleanup Update
2019-07-17 22:19 - 2019-07-17 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-07-17 22:19 - 2019-07-17 22:19 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-07-17 22:06 - 2019-07-17 22:20 - 000000000 ____D C:\Users\Winson\AppData\Roaming\AVAST Software
2019-07-17 22:06 - 2019-07-17 22:06 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2019-07-17 22:06 - 2019-07-17 22:06 - 000000000 ___HD C:\$AV_ASW
2019-07-17 22:06 - 2019-07-17 22:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-07-17 22:06 - 2019-07-17 22:06 - 000000000 ____D C:\Users\Winson\AppData\Local\AVAST Software
2019-07-17 22:05 - 2019-08-01 22:40 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000387896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-07-17 22:05 - 2019-08-01 22:40 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-17 22:05 - 2019-08-01 22:39 - 000549416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-07-17 22:05 - 2019-08-01 22:39 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-07-17 22:05 - 2019-08-01 22:39 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-07-17 22:05 - 2019-08-01 22:39 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-07-17 22:05 - 2019-08-01 22:39 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-07-17 22:05 - 2019-07-17 22:05 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbd36fe93a60b75f5.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000512048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8b1c1b9e0d7a73ed.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw395641358dea71e0.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb1959307669da255.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswdc4080719370fd87.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8e76d44dfe445893.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f43d4545b374739.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4127cc4db38df536.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw01b651d75c97f771.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000166792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw670fbce2d226d3b0.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5cfd80dcc2d8df5a.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw02090688781eb5a3.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw49ee621d2a332d8b.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000053904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2019-07-17 22:05 - 2019-07-17 22:05 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3893823347bd71e7.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcd0022a95ae7cc7a.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-07-17 22:05 - 2019-07-17 22:05 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw00cdb7682cae28f6.tmp
2019-07-17 22:05 - 2019-07-17 22:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-07-17 22:05 - 2019-07-17 22:05 - 000000000 ____D C:\Program Files\AVAST Software
2019-07-17 22:03 - 2019-07-17 22:19 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-17 21:35 - 2019-07-17 21:35 - 000000258 __RSH C:\Users\Winson\ntuser.pol
2019-07-17 21:33 - 2019-07-19 15:28 - 000000000 ___HD C:\$SysReset
2019-07-17 21:23 - 2019-07-17 22:16 - 000000000 ____D C:\Program Files (x86)\Sending
2019-07-17 21:22 - 2019-07-18 11:03 - 000000000 ____D C:\Users\Winson\AppData\Roaming\1337
2019-07-17 21:22 - 2019-07-18 11:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-07-17 21:22 - 2019-07-17 21:22 - 000000000 ____D C:\ProgramData\Lamia
2019-07-17 21:06 - 2019-07-17 21:06 - 000016384 _____ C:\WINDOWS\SysWOW64\d.jfm
2019-07-17 21:06 - 2019-07-17 21:06 - 000002682 _____ C:\WINDOWS\SysWOW64\d.INTEG.RAW
2019-07-17 20:12 - 2019-07-17 20:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2019-07-17 20:12 - 2019-07-17 20:12 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2019-07-17 20:12 - 2019-07-17 20:12 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2019-07-17 20:12 - 2019-07-17 20:12 - 000000000 ____D C:\inetpub
2019-07-17 20:06 - 2019-07-17 21:36 - 000722944 _____ C:\Users\Winson\AppData\Local\sha.db
2019-07-17 20:06 - 2019-07-17 20:06 - 000140800 _____ C:\Users\Winson\AppData\Local\installer.dat
2019-07-17 20:06 - 2019-07-17 20:06 - 000126464 _____ C:\Users\Winson\AppData\Local\lobby.dat
2019-07-17 20:06 - 2019-07-17 20:06 - 000054272 _____ C:\Users\Winson\AppData\Local\ApplicationHosting.dat
2019-07-14 00:18 - 2019-07-14 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-07-11 18:35 - 2019-07-11 18:35 - 000000775 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScrapeBox.lnk
2019-07-11 16:32 - 2019-07-11 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2019-07-11 00:06 - 2019-07-11 00:06 - 000000847 _____ C:\Users\Public\Desktop\TemplateToaster 6.lnk
2019-07-11 00:06 - 2019-07-11 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TemplateToaster 6
2019-07-10 23:39 - 2019-07-11 00:47 - 000000000 ____D C:\Users\Winson\AppData\Roaming\TemplateToaster
2019-07-10 23:30 - 2019-07-10 23:31 - 000000000 ____D C:\ProgramData\TemplateToaster
2019-07-08 09:49 - 2019-07-08 09:49 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2019-07-08 09:49 - 2019-07-08 09:49 - 000000000 ___HD C:\ProgramData\CanonBJ
2019-07-08 09:49 - 2019-07-08 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon E500 series
2019-07-08 09:49 - 2011-05-23 05:00 - 000385536 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAX.DLL
2019-07-08 09:49 - 2011-04-27 11:01 - 000373248 _____ (CANON INC.) C:\WINDOWS\system32\CNC_AXL.dll
2019-07-08 09:49 - 2011-04-27 11:00 - 000323584 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_AXL.dll
2019-07-08 09:49 - 2011-03-31 10:07 - 000302080 _____ (CANON INC.) C:\WINDOWS\system32\CNC_AXC.dll
2019-07-08 09:49 - 2011-03-31 10:07 - 000114688 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_AXU.dll
2019-07-08 09:49 - 2011-03-31 10:06 - 000112128 _____ (CANON INC.) C:\WINDOWS\system32\CNC_AXI.dll
2019-07-08 09:49 - 2010-11-29 09:15 - 000063744 _____ C:\WINDOWS\SysWOW64\CNC1758D.TBL
2019-07-08 09:49 - 2010-11-29 09:15 - 000063744 _____ C:\WINDOWS\system32\CNC1758D.TBL
2019-07-08 09:49 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2019-07-08 09:49 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 23:03 - 2018-09-15 15:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-01 22:46 - 2018-09-15 15:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-01 22:42 - 2019-04-19 19:04 - 001914082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-01 22:42 - 2019-04-19 18:44 - 000584638 _____ C:\WINDOWS\system32\prfh0804.dat
2019-08-01 22:42 - 2019-04-19 18:44 - 000199200 _____ C:\WINDOWS\system32\prfc0804.dat
2019-08-01 22:42 - 2018-09-15 15:31 - 000000000 ____D C:\WINDOWS\INF
2019-08-01 22:40 - 2018-09-15 15:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-01 22:38 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-01 22:35 - 2019-04-19 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-01 22:35 - 2019-04-19 19:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-01 22:35 - 2018-07-12 22:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-01 22:35 - 2018-03-19 02:15 - 000000000 __SHD C:\Users\Winson\IntelGraphicsProfiles
2019-08-01 22:35 - 2018-03-19 02:07 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-19 15:34 - 2019-04-19 19:04 - 000000000 ____D C:\Users\Winson
2019-07-19 15:34 - 2018-09-15 17:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-07-19 15:34 - 2018-09-15 17:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-07-19 15:34 - 2018-09-15 17:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-07-19 15:34 - 2018-09-15 17:08 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SystemResources
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\System
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-07-19 15:34 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-19 15:34 - 2018-09-15 14:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-19 15:34 - 2018-09-15 14:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-19 15:33 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-07-19 15:33 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\schemas
2019-07-19 15:33 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\Globalization
2019-07-19 15:33 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\Containers
2019-07-19 15:31 - 2018-09-15 15:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-19 15:30 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\registration
2019-07-19 05:17 - 2018-09-15 15:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-07-18 11:07 - 2019-06-06 16:16 - 000000000 ____D C:\Users\Winson\AppData\Roaming\DMCache
2019-07-18 11:07 - 2018-06-23 17:53 - 000000000 ____D C:\Users\Winson\AppData\Roaming\tixati
2019-07-18 11:03 - 2019-04-19 19:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\{5AD17DCA-2298-B66F-227F-4D6238E86F16}
2019-07-18 11:03 - 2018-03-18 11:48 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 23:36 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-07-17 23:36 - 2018-04-06 23:30 - 000000000 ____D C:\ProgramData\{C519007A-4F5B-8ABC-C99D-14FE53DF9F30}
2019-07-17 23:25 - 2018-05-20 23:26 - 000000000 ____D C:\Users\Winson\AppData\Local\D3DSCache
2019-07-17 22:58 - 2019-04-19 19:04 - 000002515 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-17 22:58 - 2018-09-22 15:47 - 000002517 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2019-07-17 22:58 - 2018-07-27 21:20 - 000002363 _____ C:\Users\Winson\Desktop\Postman.lnk
2019-07-17 22:58 - 2018-05-12 13:43 - 000002205 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJeans.lnk
2019-07-17 22:58 - 2018-05-12 13:43 - 000002197 _____ C:\Users\Winson\Desktop\BlueJeans.lnk
2019-07-17 22:25 - 2019-06-06 15:53 - 000000000 ____D C:\Users\Winson\Downloads\Compressed
2019-07-17 22:24 - 2019-04-19 18:07 - 000000000 ___DC C:\WINDOWS\Panther
2019-07-17 22:24 - 2018-11-21 23:31 - 000000000 ____D C:\Users\Winson\AppData\Local\CrashDumps
2019-07-17 22:24 - 2018-11-01 23:55 - 000000000 ____D C:\Users\Winson\AppData\Roaming\FileZilla
2019-07-17 22:24 - 2018-07-12 22:59 - 000000000 ____D C:\Users\Winson\AppData\Roaming\TeamViewer
2019-07-17 21:34 - 2018-09-15 14:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-07-17 21:28 - 2018-02-01 10:58 - 000000000 ____D C:\Program Files\ASUS
2019-07-17 21:23 - 2019-04-15 23:28 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-07-17 21:06 - 2017-09-29 21:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-07-17 20:22 - 2018-12-15 16:52 - 000000000 ____D C:\Users\Winson\AppData\Roaming\Telegram Desktop
2019-07-17 20:19 - 2018-05-20 21:32 - 000000000 ____D C:\Users\Winson\AppData\Local\Adobe
2019-07-17 20:17 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-17 20:17 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-17 20:12 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-07-17 20:12 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-07-17 20:02 - 2018-03-19 02:16 - 000000219 _____ C:\Users\Winson\AppData\Roaming\sp_data.sys
2019-07-16 23:35 - 2019-04-22 23:20 - 000000000 ____D C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2019-07-16 23:35 - 2019-04-22 23:20 - 000000000 ____D C:\Users\Winson\AppData\Local\GrammarlyForWindows
2019-07-15 21:29 - 2018-03-19 02:15 - 000000000 ____D C:\Users\Winson\AppData\Local\Packages
2019-07-14 14:30 - 2019-03-20 23:08 - 000000000 ____D C:\Users\Winson\Downloads\Telegram Desktop
2019-07-14 00:18 - 2019-01-26 21:40 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-07-14 00:18 - 2019-01-26 21:40 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-07-14 00:17 - 2019-01-24 23:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-13 23:05 - 2018-08-31 23:27 - 000000000 ____D C:\Users\Winson\Documents\Visual Studio 2017
2019-07-12 21:57 - 2019-06-12 17:37 - 000000000 ____D C:\Users\Winson\AppData\Local\Deployment
2019-07-11 22:25 - 2018-03-19 02:17 - 000000000 ___RD C:\Users\Winson\OneDrive
2019-07-10 21:40 - 2018-08-05 18:49 - 000000000 ____D C:\Users\Winson\AppData\Roaming\Code
2019-07-10 21:39 - 2018-08-05 18:45 - 000000000 ____D C:\Program Files\Microsoft VS Code
2019-07-10 21:38 - 2018-08-05 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2019-07-10 13:54 - 2018-03-18 11:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-10 13:51 - 2018-03-18 11:31 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-08 09:49 - 2018-09-15 15:33 - 000000000 __RSD C:\WINDOWS\media

==================== Files in the root of some directories ================

2018-03-19 02:16 - 2019-07-17 20:02 - 000000219 _____ () C:\Users\Winson\AppData\Roaming\sp_data.sys
2018-04-08 00:31 - 2018-08-20 22:09 - 000000312 _____ () C:\Users\Winson\AppData\Roaming\WB.CFG
2019-07-17 20:06 - 2019-07-17 20:06 - 000054272 _____ () C:\Users\Winson\AppData\Local\ApplicationHosting.dat
2019-07-17 20:06 - 2019-07-17 20:06 - 000140800 _____ () C:\Users\Winson\AppData\Local\installer.dat
2019-07-17 20:06 - 2019-07-17 20:06 - 000126464 _____ () C:\Users\Winson\AppData\Local\lobby.dat
2019-05-24 23:27 - 2019-05-24 23:27 - 000000410 _____ () C:\Users\Winson\AppData\Local\oobelibMkey.log
2018-10-06 21:52 - 2018-10-09 21:45 - 000000600 _____ () C:\Users\Winson\AppData\Local\PUTTY.RND
2019-01-27 11:47 - 2019-01-27 11:47 - 000000017 _____ () C:\Users\Winson\AppData\Local\resmon.resmoncfg
2019-07-17 20:06 - 2019-07-17 21:36 - 000722944 _____ () C:\Users\Winson\AppData\Local\sha.db
2018-05-20 22:57 - 2018-05-20 22:57 - 000000003 _____ () C:\Users\Winson\AppData\Local\updater.log
2018-05-20 22:57 - 2018-05-20 22:57 - 000000425 _____ () C:\Users\Winson\AppData\Local\UserProducts.xml
2018-05-12 14:54 - 2018-05-12 14:54 - 000000000 _____ () C:\Users\Winson\AppData\Local\zenmap.exe.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================