Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by Winson (01-08-2019 23:11:47)
Running from C:\Users\Winson\Documents\FSRT
Windows 10 Home Single Language Version 1809 17763.503 (X64) (2019-04-19 11:07:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2804506713-796569667-501129852-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2804506713-796569667-501129852-503 - Limited - Disabled)
Guest (S-1-5-21-2804506713-796569667-501129852-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2804506713-796569667-501129852-504 - Limited - Disabled)
Winson (S-1-5-21-2804506713-796569667-501129852-1001 - Administrator - Enabled) => C:\Users\Winson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.0.2 (x64) (HKLM\...\{EA35E834-8CA4-46DF-A8E5-8F11AC872A30}) (Version: 4.0.37723 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.2 (x64) (HKLM-x32\...\{782476be-43c2-4bac-8292-b1ddff900c7b}) (Version: 1.0.2 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.2.476 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.2201 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.2201 - ASUSTeK COMPUTER INC) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.2201 - ASUSTeK COMPUTER INC) Hidden
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.0.7 - ASUSTeK COMPUTER INC.)
ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.0.4 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
Asus NahimicSettingsConfigurator (HKLM\...\{FE301CA2-47B5-4A70-A397-4A8F13D163F1}) (Version: 3.6.2201 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.2201 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{54F352F8-6463-4359-8147-A2ECEF489E39}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC) Hidden
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.22 - ASUSTek COMPUTER INC.)
Asus Sonic Radar 3 (HKLM-x32\...\{090b16fc-8f5a-4a0c-985d-68ef0a0a8644}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{ee7e0478-89e2-474f-9a3f-c7db7bc52b7b}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{36337267-CDD0-4EDE-A1C4-AB6058D0F61C}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{2068AD13-6210-4E8E-AB8F-C058E3C0ECBA}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{D09A6D9F-819E-47ED-A5BF-56F75DF378FE}) (Version: 3.6.22.46410 - ASUSTeK COMPUTER INC) Hidden
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.22.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.0 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0057 - ASUSTeK COMPUTER INC.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.4.0.1535 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{F5724FFA-5FAE-4823-87D0-04AE3A2C9C77}) (Version: 7.45.0.0 - Bitvise Limited) Hidden
BlueJeans (HKLM\...\{AC083B9B-9219-4FA7-AE5D-E85CCC4C77CE}) (Version: 2.5.439 - BlueJeans Network, Inc.) Hidden
BlueJeans (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\{bdf62864-344b-4125-a2e8-050a38c7d8fb}) (Version: 2.5.439 - BlueJeans Network, Inc.)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Canon E500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E500_series) (Version: - )
Chromium (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Chromium) (Version: 69.0.3497.100 - Chromium)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
CrystalDiskInfo 7.7.0 Kurei Kei Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.7.0 - Crystal Dew World)
CrystalDiskMark 6.0.1 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.1 - Crystal Dew World)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DictCN Dictionary (HKLM-x32\...\DictCN Dictionary_is1) (Version: 4.0.3 - DICT.CN Co.Ltd)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
FastStone Capture 9.0 (HKLM-x32\...\FastStone Capture) (Version: 9.0 - FastStone Soft)
Figma (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Figma) (Version: 71.4.0 - Figma, Inc.)
FileZilla Client 3.38.1 (HKLM-x32\...\FileZilla Client) (Version: 3.38.1 - Tim Kosse)
GameFirst IV (HKLM-x32\...\{642F6C9F-40F7-430F-95B8-91E0C24005AA}) (Version: 1.7.0.0 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.7.0.0) (Version: 1.7.0.0 - ASUSTeK COMPUTER INC.)
Git version 2.19.0 (HKLM\...\Git_is1) (Version: 2.19.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\GrammarlyForWindows) (Version: 1.5.51 - Grammarly)
heroku (HKLM-x32\...\heroku) (Version: - Heroku)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Integration Services (HKLM-x32\...\{9106A154-A2D8-4F97-9F68-FC169523AAF2}) (Version: 15.0.1300.376 - Microsoft Corporation) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{73D60EDA-FD00-4CB4-8723-212AFB2219CF}) (Version: 7.3.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.28107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{175BC9FC-C256-4EFC-9D87-4A9AF3B47A12}) (Version: 17.3.1.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{EE6D1BC2-277F-4841-8FC9-DE132F856BB8}) (Version: 18.2.1.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 18.0 (HKLM-x32\...\{2d54e901-e51d-41e2-8161-2adaa6a700d6}) (Version: 15.0.18118.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.9.30330.1 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.36.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}) (Version: 15.0.27520 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.3 - Mozilla)
Nmap 7.70 (HKLM-x32\...\Nmap) (Version: 7.70 - Nmap Project)
Node.js (HKLM\...\{9A1DA61D-112C-46CE-AB8F-AD31985866F5}) (Version: 10.13.0 - Node.js Foundation)
Npcap 0.99-r2 (HKLM-x32\...\NpcapInst) (Version: 0.99-r2 - Nmap Project)
NVIDIA 3D Vision Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Postman-win64-6.1.4 (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Postman) (Version: 6.1.4 - Postman)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.29094 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8219 - Realtek Semiconductor Corp.)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.1.5 - ASUSTeK COMPUTER INC.)
SkyFonts™ (HKLM\...\{E1D048A2-0A35-4DC8-B70E-4818A21E5FC5}) (Version: 5.9.5.3 - Monotype Imaging Inc.)
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{A6A9EFA1-AFEB-4209-B25D-3CFF2E6FAE2C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{BD1502B1-778B-44B6-B2B4-0B77BD0366A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{4FA59221-0112-4A7B-A7C4-89259C3AE8CD}) (Version: 15.0.18118.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{809B42D5-69C9-4088-B00F-357CF2F58F88}) (Version: 15.0.18118.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{512DE2A3-850F-4606-A666-262A7B2B87D5}) (Version: 15.0.18118.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{C0E20347-DBCD-4D72-BEB4-AA288FD2BB3B}) (Version: 15.0.18118.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{6C046E22-6FB3-449C-85F7-50FD615B6DB4}) (Version: 15.0.18118.0 - Microsoft Corporation) Hidden
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Telegram Desktop version 1.7.14 (HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.14 - Telegram Messenger LLP)
TemplateToaster 6 (HKLM-x32\...\TemplateToaster 6_is1) (Version: 6.0.0.11509 - TemplateToaster.com)
TypeScript Power Tool (HKLM-x32\...\{0B693FB7-DF61-44DB-AEAA-E2E30F85A781}) (Version: 2.1.5.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{9E1EF6F7-ED70-4BD8-A1AE-83C5DEF0DA91}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{5E8B6B34-D844-495C-8B27-30792E229B0A}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{8A4C52AC-02E4-430F-AC1C-AC208F6BCFD6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{ACFEA151-D1BE-4114-875A-87328B6002D4}) (Version: 15.0.26315 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{01186500-C2AD-44D1-BDEE-BE7F6DCE9E25}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{03888DC4-ED57-4E6D-9397-1912885CE14B}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wampserver64 3.1.4 (HKLM\...\{wampserver64}_is1) (Version: 3.1.4 - Dominique Ottello aka Otomatic)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass (08/02/2017 11.0.0.18) (HKLM\...\E90A37D273EA609437C18750E3A7AB5C391A4E33) (Version: 08/02/2017 11.0.0.18 - ASUSTek COMPUTER INC.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.9-0 - Bitnami)
XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs)
Yarn (HKLM-x32\...\{7245DEA3-DF39-4B0A-8570-DDDE72FF3141}) (Version: 1.12.3 - Yarn Contributors)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_19.1.22.6_x64__adky2gkssdxte [2019-05-24] (Adobe Systems Incorporated)
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.0.10.0_x64__qmba6cd70vzyy [2019-07-19] (ASUSTeK COMPUTER INC.)
ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.1.0_x86__qmba6cd70vzyy [2019-07-19] (ASUSTeK COMPUTER INC.)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.0.0_x64__qmba6cd70vzyy [2019-07-19] (ASUSTeK COMPUTER INC.)
Ink To Code -> C:\Program Files\WindowsApps\Microsoft.459869C218FA_1.1.5.0_x64__8wekyb3d8bbwe [2018-09-02] (Microsoft Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2019-07-19] (LinkedIn)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft People -> C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.1.5252.0_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Studios) [MS Ad]
Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.38.12321.0_x64__8wekyb3d8bbwe [2018-09-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.12127.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.2.0_x86__qmba6cd70vzyy [2019-07-19] (ASUSTeK COMPUTER INC.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.30.144.0_x64__mcm4njqhnhss8 [2019-07-19] (Netflix, Inc.)
ROG Aura Core -> C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.0.5.0_x86__qmba6cd70vzyy [2019-07-19] (ASUSTeK COMPUTER INC.)
WPS Office -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice_10.2.0.0_x86__924xes6e8q1tw [2019-07-19] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2804506713-796569667-501129852-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25534F4D91FF} -> [Creative Cloud Files] => C:\Users\Winson\Creative Cloud Files [2019-05-26 00:09]
CustomCLSID: HKU\S-1-5-21-2804506713-796569667-501129852-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\notification_helper.exe (The Chromium Authors) [File not signed] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2804506713-796569667-501129852-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\igfxDTCM.dll [2018-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2019-07-17 22:19 - 2018-11-14 17:54 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2018-09-27 21:50 - 2018-03-12 15:00 - 000021504 _____ () [File not signed] C:\Program Files (x86)\Thunder Network\XMP\V5.4.0.6151\Bin\minizip.dll
2018-09-27 21:50 - 2015-09-29 13:02 - 000427008 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\audioswitcher.dll
2018-09-27 21:50 - 2009-07-30 21:44 - 000319488 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\coreaac.ax
2018-09-27 21:50 - 2018-01-05 21:25 - 013125120 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\avcodec-58.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 002652672 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\avfilter-7.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 002494464 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\avformat-58.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 000343552 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\avresample-4.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 000811008 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\avutil-56.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 000324608 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\swresample-3.dll
2018-09-27 21:50 - 2018-01-05 21:25 - 000780800 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\swscale-5.dll
2018-09-27 21:50 - 2018-01-05 18:03 - 000648192 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\mp4splitter.dll
2018-09-27 21:50 - 2016-12-13 14:51 - 001323008 _____ () [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\vsfilter.dll
2018-09-27 21:50 - 2018-03-12 15:00 - 000684032 _____ () [File not signed] C:\Users\Public\Thunder Network\xmp5\V5.4.0.6151\Program\libexpat.dll
2018-09-27 21:50 - 2018-03-12 15:00 - 000162304 _____ () [File not signed] C:\Users\Public\Thunder Network\xmp5\V5.4.0.6151\Program\libpng13.dll
2018-09-27 21:50 - 2018-03-12 15:00 - 000062464 _____ () [File not signed] C:\Users\Public\Thunder Network\xmp5\V5.4.0.6151\Program\zlib1.dll
2018-09-22 15:46 - 2018-09-18 18:37 - 000142848 _____ () [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\swiftshader\libegl.dll
2018-09-22 15:46 - 2018-09-18 18:37 - 002679808 _____ () [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\swiftshader\libglesv2.dll
2018-09-27 21:50 - 2018-01-05 21:26 - 000989696 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters-2\lavvideo.dll
2017-09-12 08:00 - 2017-09-12 08:00 - 000031744 _____ (ASUSTeK COMPUTER INC.)
[File not signed] C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe 2018-09-27 21:50 - 2018-02-05 11:04 - 000090112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Thunder Network\XMP\V5.4.0.6151\Bin\atl71.dll 2017-12-08 22:57 - 2017-12-08 22:57 - 000069632 _____ (ShenZhen Thunder Networking Technologies, LTD) [File not signed] C:\Users\Public\Thunder Network\APlayer\codecs\evrcp.dll 2018-09-22 15:46 - 2018-09-18 18:37 - 057064960 _____ (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\chrome.dll 2018-09-22 15:46 - 2018-09-18 18:37 - 079711744 _____ (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\chrome_child.dll 2018-09-22 15:46 - 2018-09-18 18:37 - 000568832 _____ (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\chrome_elf.dll 2018-09-22 15:46 - 2018-09-18 18:37 - 001527808 _____ (The Chromium Authors) [File not signed] C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe 2019-05-15 18:22 - 2019-05-15 18:22 - 004064368 _____ (Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\dotnet\;D:\xampp\php;D:\xampp\mysql\bin;C:\ProgramData\ComposerSetup\bin;D:\Program Files\Git\cmd;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Yarn\bin\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\
HKU\S-1-5-21-2804506713-796569667-501129852-1001\Control Panel\Desktop\\Wallpaper -> D:\Winson\Pictures\fb\41079321_1813710012010047_4568114163619987456_n.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "GameFirstIVstart.lnk"
HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "KeepVidProUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\StartupApproved\Run: => "BlueJeans.Detector"
HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\StartupApproved\Run: => "Monotype SkyFonts System Extension"
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{24DFFBAF-4123-4273-8AFA-C51D31B40231}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{3B2ED776-2C9D-4D22-AC40-9BB7CCA0D75B}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [TCP Query User{D0799ED4-184C-4B5B-B4E3-000D8538FCCE}D:\program files\tixati\tixati.exe] => (Allow) D:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{E36462C4-5E8C-4511-BB10-858E7097286D}D:\program files\tixati\tixati.exe] => (Allow) D:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{9D1AE19E-30BD-4671-9F87-4C92B7B531CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ACB55E0-AD39-45C3-9968-4D69E440A1EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5F3B9CCD-631B-469E-943E-886B5D9B3588}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9C0F75C0-CA58-47EC-BEDE-2D3C229A0ADC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1FA8CD5-ABB8-4188-988F-BB8907FCAF3B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{002951F2-E522-4B58-98D9-91F5920AB5B4}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{72422EFA-0874-4B65-8B74-9225FDD0B17C}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{AA5FF1AA-6F63-465F-8DC8-68ED2D429537}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{2CA95E51-5D99-4975-9E35-1845D15DD9ED}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{CFEEA2A2-96A9-40BD-842C-220C19E2A76C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2019 11:07:12 18-7-2019 restore
01-08-2019 22:41:45 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2019 10:52:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswblog. System Error: The system cannot find the file specified. .

Error: (08/01/2019 10:41:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswblog. System Error: The system cannot find the file specified. .

Error: (08/01/2019 10:35:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.
Error: (08/01/2019 10:35:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3824, ProfSvc PID: 1328.

Error: (08/01/2019 10:35:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2900, ProfSvc PID: 1328.

Error: (08/01/2019 10:35:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe, PID: 4084, ProfSvc PID: 1328.

Error: (07/17/2019 10:06:05 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (07/17/2019 09:35:21 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

System errors:
=============
Error: (08/01/2019 10:35:51 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A0CN7GOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user LAPTOP-A0CN7GOR\Winson SID (S-1-5-21-2804506713-796569667-501129852-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 10:35:02 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/18/2019 11:08:03 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (07/18/2019 11:08:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (07/18/2019 11:08:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (07/18/2019 11:08:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (07/18/2019 11:08:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (07/18/2019 11:08:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

CodeIntegrity:
===================================
Date: 2019-07-18 10:58:09.104
Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-07-17 21:34:56.583
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\8f00b204e9800998.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 21:22:59.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\8f00b204e9800998.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. GL503VD.305 10/16/2017
Motherboard: ASUSTeK COMPUTER INC. GL503VD
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 20360.14 MB
Available physical RAM: 14269.83 MB
Total Virtual: 55176.14 MB
Available Virtual: 48387.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:14.51 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:701.62 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:7.44 GB) (Free:3.31 GB) FAT32

\\?\Volume{427bc91b-c797-42cc-aa35-d808caf8c0d4}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.39 GB) NTFS
\\?\Volume{7598813d-4806-45b4-b020-4b9e638e8797}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 3CD1437C)
Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 40C71973)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: 55F60548)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================