Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2019 Ran by Alex (30-10-2019 09:52:01) Running from D:\Downloads\Chrome Windows 10 Pro Version 1903 18362.449 (X64) (2019-10-29 13:33:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2000554322-72074022-1378442669-500 - Administrator - Disabled) Alex (S-1-5-21-2000554322-72074022-1378442669-1002 - Administrator - Enabled) => C:\Users\Alex DefaultAccount (S-1-5-21-2000554322-72074022-1378442669-503 - Limited - Disabled) Guest (S-1-5-21-2000554322-72074022-1378442669-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2000554322-72074022-1378442669-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2000554322-72074022-1378442669-1002\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) AdGuard (HKLM-x32\...\{1d7ee810-0b6a-4cf5-8e22-8905eb4734e1}) (Version: 6.3.1399.4073 - Adguard Software Ltd) AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.3.1399.4073 - Adguard Software Ltd) Hidden Adobe Photoshop CC 2018 (HKLM\...\{C0FE994F-A638-4DCD-84A9-912A80C92365}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\{AEEF33DD-E3B9-4049-B709-0E546C2B1AAB}) (Version: 20.25.401.14526 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{AEEF33DD-E3B9-4049-B709-0E546C2B1AAB}) (Version: 20.25.401.14526 - Alcor Micro Corp.) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.) ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.25 - ASUSTek COMPUTER INC.) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.23.0001 - ASUS) ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.) Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software) Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.6 - AVAST Software) Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.94.51 - Conexant) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Gameloop (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Grammarly (HKU\S-1-5-21-2000554322-72074022-1378442669-1002\...\GrammarlyForWindows) (Version: 1.5.48 - Grammarly) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden Intel Driver && Support Assistant (HKLM-x32\...\{6B913517-E442-4045-A3A6-4C9EC4C4F0CC}) (Version: 19.10.42.4 - Intel) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden Intel(R) Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0210-1037-84C8-B8D95FA3C8C3}) (Version: 21.40.0.1 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{9758f1c4-4afb-42ef-99ca-a0e88d687809}) (Version: 19.10.42.4 - Intel) Intel® PROSet/Wireless Software (HKLM-x32\...\{d5c53162-d8b4-4547-8a40-917a25c0172e}) (Version: 20.60.0 - Intel Corporation) IntelliJ IDEA Community Edition 2019.2 (HKLM-x32\...\IntelliJ IDEA Community Edition 2019.2) (Version: 192.5728.98 - JetBrains s.r.o.) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation) Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation) Java(TM) SE Development Kit 10.0.2 (64-bit) (HKLM\...\{71307D56-8005-5F5E-9227-BFA2754D6E54}) (Version: 10.0.2.0 - Oracle Corporation) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12026.20344 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - he-il (HKLM\...\ProPlus2019Retail - he-il) (Version: 16.0.12026.20344 - Microsoft Corporation) Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1089.1204 - Microsoft Corporation) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation) NVIDIA Graphics Driver 440.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 440.97 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden Oracle VM VirtualBox 6.0.12 (HKLM\...\{E572CA5C-A60B-4C3B-9E9E-1302BBE4DBEE}) (Version: 6.0.12 - Oracle Corporation) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3 beta r3260 - Rainmeter) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Revo Uninstaller Pro 4.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.0 - VS Revo Group, Ltd.) SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SourceGear DiffMerge 4.2.0.697.stable (x64) (HKLM\...\{F6BEC317-F689-4158-B1F0-F229B794CFBA}) (Version: 4.2.0.697 - SourceGear, LLC) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\8bbda070) (Version: 15.9.28307.222 - Microsoft Corporation) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass (10/25/2017 11.0.0.21) (HKLM\...\38D64A6EF13E2FAA5DE3820CB44E2994223DD766) (Version: 10/25/2017 11.0.0.21 - ASUSTek COMPUTER INC.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Driver Package - libusb-win32 WorldCup Device (02/23/2013 1.2.6.0) (HKLM\...\607E81836F3E58EDC7289F7B7047149AE2C7F301) (Version: 02/23/2013 1.2.6.0 - libusb-win32) Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.9.0 - ASUSTeK COMPUTER INC.) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Packages: ========= EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2019-10-29] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.575.0_x64__v10z8vjag6ke6 [2019-06-28] (HP Inc.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-22] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-22] (Microsoft Corporation) [MS Ad] Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2019-05-19] (Microsoft Platform Extensions) Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-27] (Microsoft Corporation) [MS Ad] Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.60.21782.0_x64__8wekyb3d8bbwe [2019-07-03] (Microsoft Corporation) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] PDF Document Scanner -> C:\Program Files\WindowsApps\61083ApeApps.PDFDocumentScanner_4.19.0.0_x64__d2yynfvsn01f4 [2019-07-13] (Ape Apps) [MS Ad] Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.5.8.0_x64__jb41c8remg0x2 [2019-06-25] (Polarr) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-05-23] (Microsoft Corporation) WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.3.3794.0_x64__cv1g1gvanyjgm [2019-07-09] (WhatsApp Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2000554322-72074022-1378442669-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-2000554322-72074022-1378442669-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel) CustomCLSID: HKU\S-1-5-21-2000554322-72074022-1378442669-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-2000554322-72074022-1378442669-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File SSODL: EldosMountNotificator-cbfs6 - {3041C05F-484E-4B19-A0B9-C51C3506C05B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.) SSODL-x32: EldosMountNotificator-cbfs6 - {3041C05F-484E-4B19-A0B9-C51C3506C05B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.) ShellServiceObjects: Virtual Storage Mount Notification -> {3041C05F-484E-4B19-A0B9-C51C3506C05B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.) ShellServiceObjects-x32: Virtual Storage Mount Notification -> {3041C05F-484E-4B19-A0B9-C51C3506C05B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-29] (AVAST Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {9570AEB6-09DB-44CD-8B62-1C5B6757F2F6} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {9570AEB6-09DB-44CD-8B62-1C5B6757F2F6} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-29] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers1-x32: [SourceGearDiffMergeShellExtension32] -> {2F410E77-24FD-4788-8412-3810115E7BCB} => C:\Program Files (x86)\SourceGear\Common\DiffMerge\SourceGearDiffMergeShellExtension32.dll [2013-10-23] (SourceGear LLC) [File not signed] ContextMenuHandlers1: [SourceGearDiffMergeShellExtension64] -> {41E0355D-F488-487D-B7BA-D235D5834F1D} => C:\Program Files\SourceGear\Common\DiffMerge\SourceGearDiffMergeShellExtension64.dll [2013-10-23] (SourceGear LLC) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-29] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4-x32: [SourceGearDiffMergeShellExtension32] -> {2F410E77-24FD-4788-8412-3810115E7BCB} => C:\Program Files (x86)\SourceGear\Common\DiffMerge\SourceGearDiffMergeShellExtension32.dll [2013-10-23] (SourceGear LLC) [File not signed] ContextMenuHandlers4: [SourceGearDiffMergeShellExtension64] -> {41E0355D-F488-487D-B7BA-D235D5834F1D} => C:\Program Files\SourceGear\Common\DiffMerge\SourceGearDiffMergeShellExtension64.dll [2013-10-23] (SourceGear LLC) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll [2019-10-28] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\igfxDTCM.dll [2018-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-17] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-29] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b04caf901f490205\Magic Actions for YouTube™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=abjcfabbhafbcdfjoecdgepllmpfceif ==================== Loaded Modules (Whitelisted) ============= 2017-03-15 17:08 - 2017-03-15 17:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll 2017-10-03 12:45 - 2017-10-03 12:45 - 000147968 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2017-10-24 11:24 - 2017-10-24 11:24 - 000036864 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2017-06-21 10:51 - 2017-06-21 10:51 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll 2019-10-29 12:32 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll 2018-10-16 14:41 - 2018-10-16 14:41 - 000315392 _____ () [File not signed] C:\Program Files\Rainmeter\Plugins\ActionTimer.DLL 2018-10-16 14:42 - 2018-10-16 14:42 - 000023552 _____ () [File not signed] C:\Program Files\Rainmeter\Plugins\InputText.DLL 2017-10-24 11:24 - 2017-10-24 11:24 - 000073216 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll 2017-10-24 11:24 - 2017-10-24 11:24 - 000242688 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll 2017-10-24 11:24 - 2017-10-24 11:24 - 000407040 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll 2019-10-29 15:36 - 2018-03-13 10:21 - 001173504 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll 2017-11-01 20:58 - 2017-11-01 20:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll 2017-10-24 11:24 - 2017-10-24 11:24 - 000403968 _____ (TODO: ) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorUGameDLL.dll 2017-10-24 11:24 - 2017-10-24 11:24 - 000029184 _____ (TODO: ) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [220] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 15:46 - 2019-09-16 14:23 - 000002112 ____R C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 api.adguard.com 0.0.0.0 adclick.g.doublecklick.net 0.0.0.0 adeventtracker.spotify.com 0.0.0.0 ads-fa.spotify.com 0.0.0.0 analytics.spotify.com 0.0.0.0 audio2.spotify.com 0.0.0.0 b.scorecardresearch.com 0.0.0.0 bounceexchange.com 0.0.0.0 bs.serving-sys.com 0.0.0.0 content.bitsontherun.com 0.0.0.0 core.insightexpressai.com 0.0.0.0 crashdump.spotify.com 0.0.0.0 d2gi7ultltnc2u.cloudfront.net 0.0.0.0 d3rt1990lpmkn.cloudfront.net 0.0.0.0 desktop.spotify.com 0.0.0.0 doubleclick.net 0.0.0.0 ds.serving-sys.com 0.0.0.0 googleadservices.com 0.0.0.0 googleads.g.doubleclick.net 0.0.0.0 gtssl2-ocsp.geotrust.com 0.0.0.0 log.spotify.com 0.0.0.0 media-match.com 0.0.0.0 omaze.com 0.0.0.0 pagead46.l.doubleclick.net 0.0.0.0 pagead2.googlesyndication.com 0.0.0.0 partner.googleadservices.com 0.0.0.0 pubads.g.doubleclick.net 0.0.0.0 redirector.gvt1.com 0.0.0.0 s0.2mdn.net 0.0.0.0 securepubads.g.doubleclick.net 2019-05-17 10:06 - 2019-05-17 10:06 - 000000438 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\SourceGear\Common\DiffMerge\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Users\Alex\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2000554322-72074022-1378442669-1002\Control Panel\Desktop\\Wallpaper -> D:\Media\Saved Pictures\cityscapes_old_Czech_history_flags_town_Prague_rivers_6022x3988(1).png DNS Servers: 10.100.102.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "system_jconsole.jar" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant" HKU\S-1-5-21-2000554322-72074022-1378442669-1002\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File FirewallRules: [{A6E742F5-7ADD-4DB8-AB7B-FF655E0E9A94}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{68A5A69C-8CED-415B-B5F7-D409F8482878}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{7A2577C3-672C-44F9-8AFD-409BDEE81755}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{524F3A9F-6BED-4CC9-A43F-B126D2BE2EC4}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{577D2496-EF0D-493A-953E-9663512467D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{4DA68222-27A5-4A79-800F-D846E7C88DB6}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{D640598E-ECDD-44D3-904B-F05328506E3D}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{9B7633EE-8D21-4947-885C-01CDB5D072FE}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{4742B0C1-6577-463F-BF31-62287CF0DD45}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司) FirewallRules: [{B7D58553-EF6B-4EEC-A18C-32C3E587F92C}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{5CF9BE72-29DB-4065-87AF-A5A03312D357}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{38091BCD-8AA0-4448-8742-317ECCAC3325}] => (Allow) d:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{BB18E79F-3B42-4D8A-9788-135C18DEB62D}] => (Allow) d:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{8F2CA185-87A5-4D03-93D4-CF774A38283B}] => (Allow) d:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{5299FF4D-8636-4309-89C7-8F01FC5FFF9F}] => (Allow) d:\program files\txgameassistant\ui\adb.exe () [File not signed] FirewallRules: [{BE90AC7D-C2D8-488E-90E3-8AA44F3E38DD}] => (Allow) d:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{F8E027E1-F7EC-4B68-B313-22CED4DD06D3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{F074CC3B-C0FC-4976-9A72-0BF1DB857327}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{C78341EC-A155-49CD-A73C-BE3BC73DACF5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{7474C3D8-ABF0-4B7F-9A4F-135BC132FEC2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{7FD0DED7-51B2-4B98-B131-EA3B8AA629E9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{BD26B09B-AFD1-4B43-82ED-8DB0B7A458F9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File FirewallRules: [{1624C483-F0D1-4B39-83E6-81E7091103BE}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File FirewallRules: [{CAFAE633-21C8-4A2B-89DB-C9D29CD069CF}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe No File FirewallRules: [{0455BF38-F4D9-4BCF-9992-E56A10F8C4A1}] => (Allow) D:\Program Files\Nox\bin\Nox.exe No File FirewallRules: [{5DB6114C-5745-498A-893E-44A6402BD520}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2C854FE7-FCB8-44EA-8F68-A4C7EEEC7D1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{79DE7D3E-9DBE-40A9-A4E6-A05876FC2959}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{57999D92-A754-4B3C-AB83-63380E558862}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{0F80F91A-ED6B-4622-BC3E-2C7B11C9E1FF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5938A0AE-CEBD-43A7-9C6F-E06151ABB66C}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{F22A64ED-7B1A-4173-9E44-D60F0B95A23A}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{6720C6AE-4B5D-4B6A-9920-5F8265284079}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{FA7DD936-1693-4101-9B98-122F1DDA3526}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司) FirewallRules: [{84AE89C1-8E21-49FB-814A-30272211C733}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{86BE9FB3-E0DD-46BD-A38E-97A198503178}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{6681289E-6D79-42EC-9A32-E6A4EEBC0730}] => (Allow) d:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{07EE5E51-5497-4FC9-8D53-39FC3CCD1C5C}] => (Allow) d:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{FD559080-8F94-40E8-9070-019C54035F3B}] => (Allow) d:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{7D4D7F5A-C808-4908-8D39-6D335924671C}] => (Allow) d:\program files\txgameassistant\ui\adb.exe () [File not signed] FirewallRules: [{DA43770C-7B5B-44B4-B3B1-75DAE5439956}] => (Allow) d:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{226A6013-BD27-4F13-B589-4E4F824F8ADB}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{868C39F0-7333-4EB6-AA9A-BA1FD30D79F3}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{C0D39196-5CDF-419E-8EFF-EF0AFE032E21}] => (Allow) E:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{53B08AC8-626F-48B2-8774-9FCFAD7E0180}] => (Allow) E:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [UDP Query User{A62F5F0D-8A48-4DE4-9B4D-56AEA52E99D9}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File FirewallRules: [TCP Query User{49FEA4F2-E579-41B6-8F43-2F2A61D869B9}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File FirewallRules: [{D1E928E2-FCE0-417D-9917-ADD821F1D42C}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{321545A3-3BF8-439A-AA10-053810E88FC0}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{F52DCE59-DF77-4F87-8B60-C0C6287E84A3}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{24515E23-D6F2-4A4A-91E2-E91C2660D8D2}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司) FirewallRules: [{DE98A226-5D8B-4AC8-94D0-52E783091897}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{742EE7DA-E373-415D-926F-CFAD506B01D2}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{A53C8DB6-1BE4-4DA7-89E5-7FFA0A14CB5C}] => (Allow) d:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{06AE5CC8-5C2E-4F9E-99D7-DD4C46D722EF}] => (Allow) d:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{91EA2ED4-500F-408A-8641-21A5EF3D0C0E}] => (Allow) d:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{942A1A1B-7EE9-4777-BFED-8EA6E0705CBC}] => (Allow) d:\program files\txgameassistant\ui\adb.exe () [File not signed] FirewallRules: [{69E9319C-B678-4BD9-92A5-7D5E38821E67}] => (Allow) d:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{2E6451A3-AD40-4FB8-ACCF-42D64BD1FD2C}] => (Allow) E:\Games\Steam\Steam.exe No File FirewallRules: [{AA615BA0-1374-42A0-B4AA-80D8CDDAEC96}] => (Allow) E:\Games\Steam\Steam.exe No File FirewallRules: [UDP Query User{E97CE564-7775-4244-8BF4-5835BD6E5E56}D:\downloads\chrome\anydesk.exe] => (Allow) D:\downloads\chrome\anydesk.exe No File FirewallRules: [TCP Query User{C57139D4-BD70-4180-9C1F-E837F7D4926B}D:\downloads\chrome\anydesk.exe] => (Allow) D:\downloads\chrome\anydesk.exe No File FirewallRules: [{6ED47E32-23DC-47E2-B18B-1285D2A35999}] => (Allow) d:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{747C537C-EBDD-4722-8214-7DB0995717C0}] => (Allow) d:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{20BAAE53-1AD8-4317-97D3-760FD8EBC8F2}] => (Allow) d:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{A3C2388C-2A35-4636-9130-DCB1874558D0}] => (Allow) d:\program files\txgameassistant\ui\adb.exe () [File not signed] FirewallRules: [{A6A3C05E-49BF-4C1A-86DE-26106BA2864B}] => (Allow) d:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{2893747B-7DBE-4AA9-ABCA-9433AB8436D1}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{4741CF36-B0FD-457D-B00B-9090E047BD91}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{9F73FE48-AD47-4300-B389-BA09F6BA86D5}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{9E879F1D-0483-496D-A8F3-CF828E4462D6}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司) FirewallRules: [{522C1C54-2138-4E6D-A1AE-416D46310078}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{AA6A741B-AFE9-40E9-A266-CE295989D451}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{BCB4CA02-247B-4733-B858-8770361B9DF0}] => (Allow) e:\games\txgameassistant\ui\TxGaDcc.exe No File FirewallRules: [{8AD92706-634E-404E-87FC-9D8DD61EAC75}] => (Allow) e:\games\txgameassistant\ui\bugreport.exe No File FirewallRules: [{7AD4EE32-8D90-4934-B495-BD5D12AEC29E}] => (Allow) e:\games\txgameassistant\ui\TInst.exe No File FirewallRules: [{E42F771E-F12D-4394-8EFE-2E31FCC28AE4}] => (Allow) e:\games\txgameassistant\ui\adb.exe No File FirewallRules: [{3CBCE643-9C22-4ED6-B82F-5C53F9BBD23F}] => (Allow) e:\games\txgameassistant\ui\AndroidEmulator.exe No File FirewallRules: [{3137AC8F-72A3-4177-9A61-C4DFC329E4B8}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{56E1FD55-418C-4C64-8B2A-458E570847E6}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{25CE14BE-EDAB-48DB-8581-048D10EEFD10}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{FE27430A-4817-4A91-B1F8-71DB66FADBB6}] => (Allow) C:\Users\Alex\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{654377F1-94F4-43ED-9321-57CF691166E6}] => (Allow) e:\games\txgameassistant\appmarket\GF186\TUpdate.exe No File FirewallRules: [{5E369E1D-8B5D-486E-A38E-3561DBBA73A7}] => (Allow) e:\games\txgameassistant\appmarket\GameDownload.exe No File FirewallRules: [{8E445166-CCC9-4E46-81DC-8778725E3318}] => (Allow) e:\games\txgameassistant\appmarket\QQExternal.exe No File FirewallRules: [{E89379BB-0C5A-4AE8-B7E0-FB77AC96AB2F}] => (Allow) e:\games\txgameassistant\appmarket\bugreport.exe No File FirewallRules: [{CEDF9A67-A974-419E-A2FB-F7832228FB2C}] => (Allow) e:\games\txgameassistant\appmarket\TInst.exe No File FirewallRules: [{F1599F47-CA17-4441-95CF-30E7B288BBCC}] => (Allow) e:\games\txgameassistant\appmarket\AppMarket.exe No File FirewallRules: [{D0CCAC36-4564-4783-AF55-692C46802F5A}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{14D96340-9356-4D76-BCD0-2973CB6BAD03}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{EDF0B0EE-DBA9-48A6-B75B-B9E4560E083C}] => (Allow) D:\Games\Steam\Steam.exe No File FirewallRules: [{7719CAFD-4793-4DA6-90D9-D697BBD0928D}] => (Allow) D:\Games\Steam\Steam.exe No File FirewallRules: [{71E7D3D7-9EA8-4CA6-8D13-0E1D6673722F}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File FirewallRules: [{35E7BF1F-B4DB-43A1-BB32-CDC02A38F97B}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File FirewallRules: [{51726D9E-8F81-4B4B-A746-7983065BC0C8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{25BA10AF-B5E2-49E6-8321-E9B268830FE9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B4D1EBD6-E8EB-44D4-86CA-39C8DA21B505}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File FirewallRules: [{AB81E5D9-4A3E-472A-A1E5-1667B6088DC5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File FirewallRules: [{4CF9B394-93F6-46E8-9FC7-4C1A570482A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CB97AB2D-B46F-444F-9440-300ABC0C839C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E58A2172-5AC4-4D6C-A2EB-0B3BAC567233}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd) FirewallRules: [{D332C7A4-7F8A-47DC-BE2F-EA0FB0729A16}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{CF1A27CB-60FD-45D8-B251-2FBA6160B920}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{17DBCFEB-90FD-40D3-8604-2A3A84A317AA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{E1979933-86EE-4CB0-A4E7-5A69CE183812}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe No File FirewallRules: [{553E4DA6-0E06-4A3B-A0FF-8490398E9FE5}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe No File FirewallRules: [{998C3280-346E-4280-ABE7-B63B6617579B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe No File FirewallRules: [{03EE8B07-C2EE-4E45-9524-799739B2C20E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe No File FirewallRules: [{9FB9C183-38B6-40DD-8A46-7A67BBB39F17}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{16048E09-6E6B-40B1-AF7E-1BE22C7AE6E8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{935B2B93-36FC-4610-A272-DE7255CA0705}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File FirewallRules: [{A6B56197-67EA-496D-9BC5-3FE527854249}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File FirewallRules: [{8D9948AB-EA67-453B-ADBB-34FE2D165C5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{F8022175-726D-4012-8AD5-1426A046D619}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File ==================== Restore Points ========================= 29-10-2019 15:35:13 Windows Update 30-10-2019 09:35:51 Revo Uninstaller Pro's restore point - Adobe Photoshop CC 2019 30-10-2019 09:37:13 Revo Uninstaller Pro's restore point - Adobe Creative Cloud 30-10-2019 09:38:39 Revo Uninstaller Pro's restore point - CCleaner 30-10-2019 09:41:17 Revo Uninstaller Pro's restore point - Spotify 30-10-2019 09:42:28 Revo Uninstaller Pro's restore point - Adobe Acrobat DC 30-10-2019 09:42:47 Removed Adobe Acrobat DC. ==================== Faulty Device Manager Devices ============ Name: Unknown USB Device (Link in Compliance Mode) Description: Unknown USB Device (Link in Compliance Mode) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ======================== Application errors: ================== Error: (10/30/2019 09:51:07 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: ALEX-ASUS) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (10/30/2019 09:46:24 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (10/30/2019 09:42:28 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2ff7c8b7-f571-40c1-9c50-d14d2a17ad4c} Error: (10/30/2019 09:41:17 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2ff7c8b7-f571-40c1-9c50-d14d2a17ad4c} Error: (10/30/2019 09:38:39 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: ALEX-ASUS) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (10/30/2019 09:38:39 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2ff7c8b7-f571-40c1-9c50-d14d2a17ad4c} Error: (10/30/2019 09:37:13 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2ff7c8b7-f571-40c1-9c50-d14d2a17ad4c} Error: (10/30/2019 09:35:51 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2ff7c8b7-f571-40c1-9c50-d14d2a17ad4c} System errors: ============= Error: (10/30/2019 09:44:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/30/2019 09:44:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/29/2019 11:17:02 PM) (Source: DCOM) (EventID: 10010) (User: ALEX-ASUS) Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout. Error: (10/29/2019 10:53:11 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (10/29/2019 07:34:29 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (10/29/2019 03:39:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The FDResPub service terminated with the following error: %%2147952449 = The requested address is not valid in its context. Error: (10/29/2019 03:29:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: %%2147770990 Error: (10/29/2019 03:28:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The Device Activation Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. CodeIntegrity: =================================== Date: 2019-10-30 09:48:02.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.331 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.319 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.306 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.291 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 09:48:02.245 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. X510UF.303 04/17/2019 Motherboard: ASUSTeK COMPUTER INC. X510UF Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz Percentage of memory in use: 30% Total physical RAM: 16263 MB Available physical RAM: 11268.1 MB Total Virtual: 18695 MB Available Virtual: 13272.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:173.23 GB) (Free:94.58 GB) NTFS Drive d: (Local Disk) (Fixed) (Total:303.11 GB) (Free:166.11 GB) NTFS \\?\Volume{e9b623dc-f55c-4bba-a020-4a42ae37fea6}\ () (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS \\?\Volume{02c80970-8e73-4501-9d3a-9ca8f75eb092}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================