
When I start up my PC it says that startupchecklibrary.dll is missing.


  • This topic is locked

#1
PancakeOfSteel

PancakeOfSteel

    Member

  • Member
  • PipPip
  • 11 posts

I am prompted by "There was a problem starting startupchecklibrary.dll The specific module could not be found." as well as a code 0x80070424 when I try to download software from the Microsoft store or try to update my PC. When I try to open CMD, another console opens up for a split second and my command prompt is closed. Please help.

 

Attached Thumbnails

  • Startup.png



Edited by PancakeOfSteel, 14 July 2019 - 01:27 PM.

  • 0



#2
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
--------------------

Please give me some time to go over your logs and I will get back to you as soon as possible.
  • 0

#3
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

Going over your logs I noticed that you have uTorrent Web installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent Web, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings icon > Apps.
If you wish to keep it, please do not use it until your computer is cleaned.

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------
slmgr
  • Click the Start button, and type Command Prompt in the search box.
  • Right-click on "Command Prompt" in the search results and select Run as Administrator
  • At the command prompt, type slmgr -dli and press Enter
  • A window will open after a few seconds. Take a screenshot of the window.
  • Next, type slmgr -xpr at the command prompt and press Enter
  • A window will open after a few seconds. Take a screenshot of the window.
  • Attach both screenshots in your reply.
---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • Screenshots from slmgr

  • 0

#4
PancakeOfSteel

PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

I cannot open the Command prompt at all, as there is another prompt that opens up for a split second and closes the Command prompt I opened. Here is the CKFiles, though.

Many thanks.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.1_none_a227092418e9be66\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.81_none_b683e3bc89a9896c\ssh-keygen.exe
scanner sequence 3.CP.11.KOAPVZ
 ----- EOF ----- 

  • 0

#5
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

Do you recognize this registry entry?
 

HKLM\...\Policies\Explorer: [HideSCAHealth] 1



---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    Web Companion 
  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.
---------------------------------------------------
Uninstall a Chrome Extension
  • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
  • Click the trash can icon next to the following extension(s):
    Adaware Secure
    
  • A confirmation dialog will appear. Click Remove.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\MountPoints2: {50974999-c377-11e8-902e-cc2f713c3939} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
    Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180225__yaie&p={searchTerms}
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    FF Homepage: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> )
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
    2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files\8f82c851.log
    2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files (x86)\8f82c851.log
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\30May.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\BitLord:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\desktop.ini:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\HiSuite:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\NEKO WORKs:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Sonic Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Target.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
    FirewallRules: [TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
    FirewallRules: [{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
    FirewallRules: [{84009250-907C-4A14-836D-3AB1E4FFC8FE}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
    FirewallRules: [{7A3A8EEB-B174-46D8-8130-4D1338882F0E}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
    FirewallRules: [{06660CDF-72D6-443C-AC19-83455485C272}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
    FirewallRules: [{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{31865CEB-B47C-433C-8636-1488907DD011}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{C843B669-F203-4844-8798-A375DDE1B4E2}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
    FirewallRules: [{56749A80-AAF9-486B-ABCD-E73BD6423F44}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
    FirewallRules: [{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
    FirewallRules: [{C0234DFB-B07E-4D86-9E5A-0101D81504CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
    FirewallRules: [{D54C3B53-FCA8-4D39-87E5-832A36B03342}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
    FirewallRules: [{66EBFDCC-65DE-4494-BB3D-262AD9363E70}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
    FirewallRules: [{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
    FirewallRules: [{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
    FirewallRules: [TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
    FirewallRules: [UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
    FirewallRules: [{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{964AA79D-3C81-485E-8898-82A9CE6AE2F4}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
    FirewallRules: [UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
    FirewallRules: [TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
    FirewallRules: [UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
    FirewallRules: [TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
    FirewallRules: [UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
    C:\Program Files (x86)\Lavasoft
    C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer
    VirusTotal: C:\Utilman.exe
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator
  • Accept the EULA (I agree), then click on Scan.
  • When the scan is complete, click View Scan Log File. (Don't click the Clean and Repair button yet)
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[Sxx].txt
  • Let me know how the computer is doing.

  • 0
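An added triage example (not part of the thread and not FRST's own logic) for the kinds of entries marked ATTENTION in the fixlist above: a Command Processor AutoRun value, a per-user Winlogon Shell override, a scheduled task that hands rundll32 a DLL name with no directory, and a policy restriction on Windows Defender. The sample lines, SID, GUIDs and file names are constructed, and the rule names are hypothetical.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str      # hypothetical rule name, chosen for this example
    line_no: int   # 1-based line number within the log text
    detail: str


# FRST appends this marker to entries it flags; strip it before parsing values.
ATTENTION = re.compile(r"\s*<==== ATTENTION.*$")
# Policy entries that restrict Windows Defender or block a program from running.
POLICY = re.compile(
    r"^HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender: Restriction"
    r"|^HKLM Group Policy restriction on software:", re.I)
# Per-user Winlogon Shell value (normally absent; the shell is explorer.exe).
SHELL = re.compile(r"^HKU\\.+\\Winlogon: \[Shell\] (?P<val>.+)$")
# Command Processor AutoRun: executed each time cmd.exe starts (unless cmd /D).
AUTORUN = re.compile(r"\\Command Processor: (?P<cmd>.+)$")
# Scheduled task whose action is rundll32 <dll>,<export>.
TASK = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => "
    r"(?P<exe>\S*rundll32(?:\.exe)?) (?P<dll>[^,]+),(?P<entry>\S+)", re.I)
# An "exit" at the start of a command segment ends the shell that ran AutoRun.
EXIT_TOKEN = re.compile(r"(?:^|[&|(])\s*exit\b", re.I)


def triage(text: str) -> List[Finding]:
    """Return findings for persistence-style entries in FRST-format log text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = ATTENTION.sub("", raw.strip())
        if not line:
            continue
        shell, autorun, task = SHELL.search(line), AUTORUN.search(line), TASK.search(line)
        if POLICY.search(line):
            findings.append(Finding("security-policy", n,
                                    "policy restriction on Windows Defender or on a program"))
        elif shell and shell["val"].strip().lower() != "explorer.exe":
            findings.append(Finding("winlogon-shell", n,
                                    "per-user shell set to " + shell["val"].strip()))
        elif autorun:
            detail = "AutoRun command runs on every cmd.exe start"
            if EXIT_TOKEN.search(autorun["cmd"]):
                detail += " and contains exit, so an interactive prompt closes at once"
            findings.append(Finding("cmd-autorun", n, detail))
        elif task and not re.search(r"[\\/]", task["dll"]):
            # No directory component: the DLL is resolved through the search path,
            # and the task name alone says nothing about which file gets loaded.
            findings.append(Finding("task-bare-dll", n,
                                    "rundll32 loads " + task["dll"].strip() + " by bare name"))
    return findings


# Constructed sample in FRST log style (values are placeholders, not from a real machine).
SAMPLE = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-0-0-0-1001\...\Run: [Updater] => C:\Program Files\Example\updater.exe [1000 2019-01-01] (Example Corp -> Example)
HKU\S-1-5-21-0-0-0-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-0-0-0-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq Example.exe" 2>NUL | find /I "Example.exe">NUL && exit & explorer.exe & exit <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Microsoft\Windows\Example\Lib => rundll32.exe ExampleLib.dll,EntryPoint <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example\Good => C:\Windows\System32\rundll32.exe C:\Windows\System32\example.dll,Run
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Program Files\Example\game.exe No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```
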

#6
PancakeOfSteel

PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hello, iMacg3, here is the information you have requested.

 

   -The problem with startupchecklibrary.dll has been fixed

   -The problem with the Command prompt has been fixed

   -The problem with the error Code: 0x80070424 persists

 

 

Fixlog.txt:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ming2 (15-07-2019 23:23:06) Run:1
Running from C:\Users\ming2\Downloads
Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\MountPoints2: {50974999-c377-11e8-902e-cc2f713c3939} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180225__yaie&p={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Homepage: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files\8f82c851.log
2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files (x86)\8f82c851.log
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\30May.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\BitLord:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\desktop.ini:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\HiSuite:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\NEKO WORKs:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Sonic Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Target.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
FirewallRules: [TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
FirewallRules: [UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
FirewallRules: [TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
FirewallRules: [{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
FirewallRules: [{84009250-907C-4A14-836D-3AB1E4FFC8FE}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
FirewallRules: [{7A3A8EEB-B174-46D8-8130-4D1338882F0E}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
FirewallRules: [{06660CDF-72D6-443C-AC19-83455485C272}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
FirewallRules: [{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{31865CEB-B47C-433C-8636-1488907DD011}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{C843B669-F203-4844-8798-A375DDE1B4E2}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
FirewallRules: [{56749A80-AAF9-486B-ABCD-E73BD6423F44}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
FirewallRules: [{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{C0234DFB-B07E-4D86-9E5A-0101D81504CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{D54C3B53-FCA8-4D39-87E5-832A36B03342}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
FirewallRules: [{66EBFDCC-65DE-4494-BB3D-262AD9363E70}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
FirewallRules: [{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
FirewallRules: [UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
FirewallRules: [TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
FirewallRules: [UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
FirewallRules: [{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{964AA79D-3C81-485E-8898-82A9CE6AE2F4}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
FirewallRules: [UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
FirewallRules: [TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
FirewallRules: [UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
FirewallRules: [TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
FirewallRules: [UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
C:\Program Files (x86)\Lavasoft
C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer
VirusTotal: C:\Utilman.exe
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50974999-c377-11e8-902e-cc2f713c3939} => removed successfully
HKLM\Software\Classes\CLSID\{50974999-c377-11e8-902e-cc2f713c3939} => not found
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51AA5708-444E-4433-9E59-845FA6260DB5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AA5708-444E-4433-9E59-845FA6260DB5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => removed successfully
HKLM\Software\Classes\CLSID\{993F5746-4C15-42BC-99C1-064A1764271B} => not found
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
WCAssistantService => service not found.
HKLM\System\CurrentControlSet\Services\EasyAntiCheat => removed successfully
EasyAntiCheat => service removed successfully
C:\Program Files\8f82c851.log => moved successfully
C:\Program Files (x86)\8f82c851.log => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Users\ming2\OneDrive\Documents\30May.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\BitLord => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\desktop.ini => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\FeedbackHub => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\HiSuite => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\NEKO WORKs => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Sonic Studio => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Target.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84009250-907C-4A14-836D-3AB1E4FFC8FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A3A8EEB-B174-46D8-8130-4D1338882F0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06660CDF-72D6-443C-AC19-83455485C272}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31865CEB-B47C-433C-8636-1488907DD011}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C843B669-F203-4844-8798-A375DDE1B4E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56749A80-AAF9-486B-ABCD-E73BD6423F44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0234DFB-B07E-4D86-9E5A-0101D81504CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D54C3B53-FCA8-4D39-87E5-832A36B03342}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66EBFDCC-65DE-4494-BB3D-262AD9363E70}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{964AA79D-3C81-485E-8898-82A9CE6AE2F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer => moved successfully
VirusTotal: C:\Utilman.exe => https://www.virustot...sis/1561012696/
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to cancel {9465DF48-E212-4822-9D69-F7808E30CE0C}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 216964897 B
Java, Flash, Steam htmlcache => 110033439 B
Windows/system/drivers => 599478 B
Edge => 14344449 B
Chrome => 238893370 B
Firefox => 80091083 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66922 B
LocalService => 0 B
NetworkService => 6110048 B
NetworkService => 0 B
ming2 => 12715304 B
Administrator => 23895 B
 
RecycleBin => 14179505890 B
EmptyTemp: => 13.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:24:22 ====

AdwCleaner[S00].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-15-2019
# Duration: 00:00:11
# OS:       Windows 10 Home Single Language
# Scanned:  27557
# Detected: 12
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.SearchManager      HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
PUP.Optional.WarThunder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\warthunder.com
PUP.Optional.WarThunder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\warthunder.com
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.DefaultSearch.ShrtCln Adaware Secure Search
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#7
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

---------------------------------------------------
AdwCleaner - Clean
  • Double-click the AdwCleaner icon to run it.
  • Press the Scan button.
  • When the scan is complete, ensure that all the listed items are checked and click Clean and Repair.
  • Select Clean & Restart Now. AdwCleaner will restart the computer to complete the cleaning process.
  • After the restart, an AdwCleaner window will open. Select View Log File.
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[Cxx].txt
  • eset.txt

#8
PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi again, iMacg3, here are the files:

AdwCleaner[C01].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-07-15.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-16-2019
# Duration: 00:00:01
# OS:       Windows 10 Home Single Language
# Cleaned:  9
# Failed:   3
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\warthunder.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\warthunder.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Adaware Secure Search
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
Not Deleted   api.bing.com
Not Deleted   api.bing.com
Not Deleted   api.bing.com
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2355 octets] - [15/07/2019 23:30:46]
AdwCleaner[S01].txt - [2416 octets] - [16/07/2019 17:26:40]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

eset.txt:

2019/07/16 18:49:36
Files scanned: 444942
Infected files: 6
Cleaned threats: 6
Total scan time 01:04:01
Scan status: Finished
 
 
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Program Files (x86)\ASUS\GameFirst IV\nfapi.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting
C:\Windows\System32\winscomrssrv.dll Win64/Agent.NK trojan cleaned by deleting
 
Thanks again.

#9
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

Did you uncheck these items in AdwCleaner?

PUP.Optional.Legacy api.bing.com
PUP.Optional.Legacy api.bing.com
PUP.Optional.Legacy api.bing.com


---------------------------------------------------
FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt

#10
PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi, iMacg3, I did not uncheck any of the items you have stated. Here are the files, though.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by ming2 (administrator) on DESKTOP-KA7J4FM (ASUSTeK COMPUTER INC. G752VSK) (17-07-2019 20:48:46)
Running from C:\Users\ming2\Downloads
Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator)
Platform: Windows 10 Home Single Language Version 1803 17134.407 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(A-Volute -> ) C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe
(Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
(Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Gaijin Network LTD -> Gaijin Entertainment) C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Extreme Tuning Utility -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Users\ming2\Downloads\AdwCleaner.exe
(McAfee, Inc. -> Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ming2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\SysWOW64\UMonit64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\STM\Steam.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => %ProgramFiles%\Windows Defender\MSASCuiL.exe
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [1143312 2016-11-11] (A-Volute -> )
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [utweb] => C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe [5116600 2018-02-21] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) [File not signed]
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Steam] => D:\STM\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [movavi_videoconverter_agent] => C:\Users\ming2\AppData\Roaming\Movavi Video Converter 19 Premium\ConverterAgent.exe
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-04-18] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Gaijin.Net Agent] => C:\Users\ming2\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-04-18] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.xtor] => C:\WINDOWS\system32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.xtor] => C:\WINDOWS\System32\DxtoryCodec.dll [2606144 2015-08-10] (ExKode Co.Ltd. -> ExKode Co. Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000BFF18-F5E8-4528-8F20-18ACF54384D8} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {006FA409-1DB1-4634-BB1B-590C6F22B25E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {06970E83-BF59-4DE2-8C08-FD7BC12EACF6} - System32\Tasks\SS2Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe [2573312 2016-11-11] () [File not signed]
Task: {0704FF8C-C053-4D38-AF8D-FA762A2637FF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2003E7BA-1A5E-4FF0-AD5A-C7305B05060E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22EFDDE5-50E8-41D3-9AC5-6D534DA88F66} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {24740FFA-9EE2-44CE-AE42-06D4BE3B1E97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {27F5DF75-84CE-4DDF-B742-5C3E6C6DB942} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1542080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29992AC6-C3D2-4CEC-8924-7186C2F4112A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe [42190848 2016-06-13] (SplitmediaLabs Limited -> SplitmediaLabs)
Task: {2B6F9ECE-525C-48ED-B6D8-7F9B8E01B4D1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {339A8D80-E4AF-476D-BCD0-6CC1AD948A1D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24222880 2018-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {37E0674B-9C13-4A84-A218-71F8D7330C81} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {427AC9FC-DDF5-4DB0-B637-C7B81D39BAA6} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [62016 2017-08-03] (Microsoft Windows Hardware Compatibility Publisher -> )
Task: {46F6A6A1-EA3E-49A4-ABDF-9F7DC2482508} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49A79EB6-1C62-42F8-B311-10A9120EFB24} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ming2\Downloads\esetonlinescanner_enu.exe [7969304 2019-07-16] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4A123D6D-E19E-441C-BCD8-AB908F31DF21} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.3.50\WSCStub.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {4D9FBF95-45BA-4CE8-A1B0-A45D393E4240} - System32\Tasks\ASUS ROG Macro Key Listener => C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe [516000 2016-03-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {4EC29BD8-2823-4652-872A-2614A12EE8EE} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {50C04686-FE40-4976-8CA5-B8A20E0B8DFC} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {547EA1C0-657C-4A6D-BA72-AC72A8D6BFA6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [440544 2016-05-17] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {554A65E9-CEAA-44B3-8C9C-7FD8F6CF5BFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-04] (Google Inc -> Google Inc.)
Task: {5F818B96-0CA3-4B41-A403-D9597B6F6825} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: {6E28355A-06EE-4F95-A375-A0301606A8F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2298256 2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {71A63D57-8ECF-4F97-A86E-C856A6CA2235} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [3855544 2016-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {71C8CAA2-4682-4B93-8D27-244C4706DC04} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [1143312 2016-11-11] (A-Volute -> )
Task: {73C05A41-FFC9-432F-9514-826E30DF3FA5} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
Task: {77DF86BC-4AE9-49F4-AE40-0C5BCB620D50} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7EC889D9-D831-4A5B-9921-BB56FE03BE79} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F4BAC96-BBA7-4A33-BB72-ED7AB5801442} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {800DAD31-7813-4565-90FD-2B4CEC66AA9A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808 2016-10-13] (ASUS) [File not signed]
Task: {81D299C9-F5C8-486E-926A-B3689600D254} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [1897184 2016-05-17] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {895A6FC2-87F1-4955-B3A7-FF1FE1DB6768} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {89862666-77ED-472E-B5FE-243E1A3D1ACC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B30E3F8-3A5A-4A28-A2A8-11C25475FF31} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {94F78AB9-59C2-4564-B9F4-7FA6684D60A0} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3589471471-3968619273-1564904599-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {9A407403-2F30-4613-AEF5-2D6A3473727B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-04] (Google Inc -> Google Inc.)
Task: {9EDFA1BF-4EBB-4069-BFB9-A8C839FDCB1F} - System32\Tasks\SS2Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe [259072 2016-11-11] () [File not signed]
Task: {A087754D-9508-44DD-9499-1494BA5E928D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123200 2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0F57D1E-E66E-49AA-B582-58B4C2A3A052} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {A5424974-8C2E-40BC-B2B3-5398212984EC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {A9EBEFF5-91B7-42A1-9934-38C42B9A5DCE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24222880 2018-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B325E479-D54F-434F-9B87-641989D38F49} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [440544 2016-05-17] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {B649DCDA-C465-4A6F-8791-5F9437BC7333} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C930195F-41E6-484F-BCA4-F8C67C97B8CE} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1473032 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CB17402D-849B-488A-9FB2-54E15AC1849D} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1579296 2016-11-09] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed]
Task: {D20A59B4-8332-49C4-AB5C-A870144BA674} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2298256 2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4C1438E-F72B-447D-BC74-BADF09DFCB63} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123200 2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {E69966FF-247B-4B99-AA7F-D5ECEEC74821} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [960448 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECA12F93-DC1C-4CF7-A256-13C17A955223} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F007EE4A-AC69-43F1-BF3F-2449CB92AC7A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {F4FBE679-26EF-4DCE-9292-018C6180722C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ming2\Downloads\esetonlinescanner_enu.exe [7969304 2019-07-16] (ESET, spol. s r.o. -> ESET spol. s r.o.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{7e847706-107c-470a-a7d9-0507dd0c47a0}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{b8e1759a-637a-4d42-87ef-26abff9e6ece}: [DhcpNameServer] 10.0.0.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-08] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: crw27yce.default
FF ProfilePath: C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default [2019-07-15]
FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\[email protected] [2018-09-15] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\[email protected] [2018-07-20]
FF Extension: (Google Reverse Image Search) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2018-09-15]
FF Extension: (Google Code Correction) - C:\Users\ming2\AppData\Roaming\Mozilla\Firefox\Profiles\crw27yce.default\features\{03601851-27e3-4939-9991-e20a31d73260}\[email protected] [2018-09-15] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-03-13] (CANON INC.) [File not signed]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-10-18] (Google) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default [2019-07-17]
CHR Extension: (Slides) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-04]
CHR Extension: (Docs) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-04]
CHR Extension: (Google Drive) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-04]
CHR Extension: (MEGA) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-07-14]
CHR Extension: (YouTube) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-04]
CHR Extension: (Sheets) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (Avast Online Security) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\ming2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 ASUS Rog Macro Key; C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe [492344 2015-07-03] (ASUSTeK Computer Inc. -> ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-11-20] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-08-23] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2397816 2017-04-04] (Intel Corporation - pGFX -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> )
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 InterBaseGuardian; C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe [32768 2001-11-29] (Borland Software Corporation) [File not signed]
R3 InterBaseServer; C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe [1769472 2001-11-29] (Borland Software Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-07-12] (McAfee, LLC -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe [933200 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (McAfee, Inc. -> Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] (CyberLink Corp. -> )
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-11-25] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel® Client Connectivity Division SW -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18232 2016-11-10] (Intel® Extreme Tuning Utility -> Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S3 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-12-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\BASHDefs\20190709.001\BHDrvx64.sys [1935880 2019-06-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-15] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-16] (Symantec Corporation -> Symantec Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [130920 2017-08-03] (Genesys Logic, Inc. -> GenesysLogic)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUSTeK Computer Inc. -> ASUS)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\IPSDefs\20190715.061\IDSvia64.sys [1441800 2019-07-02] (Symantec Corporation -> Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation -> Intel Corporation)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2016-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_45d4f41b93b9677a\nvlddmkm.sys [14461344 2017-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek Semiconductor Corp. -> Realtek )
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSP64.SYS [864776 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-06-16] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.1.50\SymPlatform\SymEvnt.sys [712200 2019-06-26] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\symnets.sys [573448 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213216 2018-11-08] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [223000 2018-11-08] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\wpCtrlDrv.sys [1012120 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [54352 2016-08-18] (Intel Corporation -> Intel Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-09-08 08:07 - 2018-04-12 01:34 - 000098304 _____ (Microsoft Corporation) C:\Utilman.exe
2099-09-07 22:33 - 2117-09-07 23:42 - 000000000 ___DC C:\Users\Administrator\AppData\Local\CrashDumps
2099-09-07 22:33 - 2117-09-07 22:33 - 000000000 ___DC C:\Users\Administrator\AppData\Local\DBG
2099-09-07 22:29 - 2117-09-07 22:29 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Comms
2099-09-07 22:17 - 2117-09-07 22:17 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Sun
2099-09-07 22:17 - 2117-09-07 22:17 - 000000000 ___DC C:\Users\Administrator\AppData\LocalLow\Sun
2099-09-07 22:15 - 2117-09-07 23:41 - 000000182 ____C C:\Users\Administrator\AppData\Roaming\sp_data.sys
2099-09-07 22:14 - 2117-09-07 22:14 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2099-09-07 22:13 - 2117-09-07 22:13 - 000003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2099-09-07 22:13 - 2117-09-07 22:13 - 000000000 ___RD C:\Users\Administrator\OneDrive
2099-09-07 22:12 - 2117-09-07 22:30 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Packages
2099-09-07 22:12 - 2117-09-07 22:14 - 000000000 ___DC C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2099-09-07 22:12 - 2117-09-07 22:14 - 000000000 ____D C:\Users\Administrator
2099-09-07 22:12 - 2117-09-07 22:13 - 000002389 ____C C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2099-09-07 22:12 - 2117-09-07 22:12 - 000001417 ____C C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2099-09-07 22:12 - 2117-09-07 22:12 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___RD C:\Users\Administrator\3D Objects
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Intel
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Canon
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Roaming\Adobe
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\SS22.0.34
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Publishers
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\NVIDIA
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\MicrosoftEdge
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Google
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\Crashpad
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ASUS GIFTBOX
2099-09-07 22:12 - 2117-09-07 22:12 - 000000000 ___DC C:\Users\Administrator\AppData\Local\ASUS
2019-07-16 19:28 - 2019-07-16 19:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-07-16 18:50 - 2019-07-16 18:50 - 000003812 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-07-16 18:50 - 2019-07-16 18:50 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-07-16 17:29 - 2019-07-16 17:29 - 007969304 _____ (ESET spol. s r.o.) C:\Users\ming2\Downloads\esetonlinescanner_enu.exe
2019-07-16 17:29 - 2019-07-16 17:29 - 000000771 ____C C:\Users\ming2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-07-16 17:29 - 2019-07-16 17:29 - 000000000 ___DC C:\Users\ming2\AppData\Local\ESET
2019-07-15 23:28 - 2019-07-16 17:27 - 000000000 ____D C:\AdwCleaner
2019-07-15 23:28 - 2019-07-15 23:28 - 007025360 _____ (Malwarebytes) C:\Users\ming2\Downloads\AdwCleaner.exe
2019-07-15 23:23 - 2019-07-15 23:24 - 000023757 _____ C:\Users\ming2\Downloads\Fixlog.txt
2019-07-15 23:22 - 2019-07-15 23:22 - 000000000 ____D C:\Users\ming2\Downloads\FRST-OlderVersion
2019-07-15 14:37 - 2019-07-15 14:37 - 000000447 _____ C:\Users\ming2\Downloads\ckfiles.txt
2019-07-15 14:28 - 2019-07-15 14:28 - 000468480 _____ () C:\Users\ming2\Downloads\CKScanner.exe
2019-07-14 21:40 - 2019-07-14 21:40 - 000061866 _____ C:\Users\ming2\Downloads\FRST (1).txt
2019-07-14 21:03 - 2019-07-14 21:04 - 000058887 _____ C:\Users\ming2\Downloads\Addition.txt
2019-07-14 21:02 - 2019-07-17 20:49 - 000048107 _____ C:\Users\ming2\Downloads\FRST.txt
2019-07-14 21:02 - 2019-07-17 20:48 - 000000000 ____D C:\FRST
2019-07-14 21:00 - 2019-07-15 23:22 - 002095104 _____ (Farbar) C:\Users\ming2\Downloads\FRST64.exe
2019-07-14 17:52 - 2019-07-14 19:25 - 000000000 ___HD C:\$WINDOWS.~BT
2019-07-12 21:29 - 2019-07-14 17:50 - 000000000 ___HD C:\$GetCurrent
2019-07-12 21:28 - 2019-07-14 18:01 - 000000000 ____D C:\Windows10Upgrade
2019-07-12 21:19 - 2019-07-12 21:19 - 000000000 ___DC C:\Users\ming2\AppData\Local\PackageStaging
2019-07-07 19:16 - 2019-07-17 03:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-07-07 19:11 - 2019-07-07 19:11 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-07-07 19:11 - 2019-07-07 19:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-07-03 16:20 - 2019-07-07 21:05 - 000000000 ____D C:\Program Files\Common Files\AV
2019-07-03 14:34 - 2019-07-04 00:45 - 000000000 ___HD C:\$SysReset
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-09-07 22:30 - 2018-07-05 20:28 - 000000000 ____D C:\ProgramData\Packages
2099-09-07 22:12 - 2017-09-08 20:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-17 20:49 - 2018-09-29 01:39 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6C8E1341-1372-4261-A633-F6C028A0E18A}
2019-07-17 20:46 - 2019-06-15 18:01 - 000000000 ___DC C:\Users\ming2\AppData\Local\PlaceholderTileLogoFolder
2019-07-17 20:46 - 2018-09-29 01:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-17 20:46 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-17 20:46 - 2018-02-04 16:26 - 000000182 ____C C:\Users\ming2\AppData\Roaming\sp_data.sys
2019-07-16 22:45 - 2018-02-04 20:18 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 22:45 - 2018-02-04 20:18 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-16 19:11 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-16 18:56 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-16 18:56 - 2018-02-04 16:25 - 000000000 ___RD C:\Users\ming2\OneDrive
2019-07-16 17:35 - 2018-09-29 11:25 - 000761100 _____ C:\WINDOWS\system32\prfh0416.dat
2019-07-16 17:35 - 2018-09-29 11:25 - 000148248 _____ C:\WINDOWS\system32\prfc0416.dat
2019-07-16 17:35 - 2018-09-29 11:23 - 000775498 _____ C:\WINDOWS\system32\prfh0816.dat
2019-07-16 17:35 - 2018-09-29 11:23 - 000151752 _____ C:\WINDOWS\system32\prfc0816.dat
2019-07-16 17:35 - 2018-09-29 11:21 - 000789246 _____ C:\WINDOWS\system32\perfh00C.dat
2019-07-16 17:35 - 2018-09-29 11:21 - 000149092 _____ C:\WINDOWS\system32\perfc00C.dat
2019-07-16 17:35 - 2018-09-29 11:17 - 000785584 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-16 17:35 - 2018-09-29 11:17 - 000154772 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-16 17:35 - 2018-09-29 11:15 - 000703544 _____ C:\WINDOWS\system32\perfh01F.dat
2019-07-16 17:35 - 2018-09-29 11:15 - 000143920 _____ C:\WINDOWS\system32\perfc01F.dat
2019-07-16 17:35 - 2018-09-29 01:41 - 005349780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-16 17:35 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-16 17:28 - 2017-09-08 20:42 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-16 17:27 - 2018-09-29 01:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-16 17:27 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-15 23:26 - 2018-02-25 22:47 - 000000000 ___DC C:\Users\ming2\AppData\Local\CrashDumps
2019-07-15 23:24 - 2018-02-06 21:44 - 000000000 ___DC C:\Users\ming2\AppData\LocalLow\Temp
2019-07-15 14:25 - 2019-02-18 00:52 - 000000000 ___HD C:\OneDriveTemp
2019-07-14 19:33 - 2018-10-30 21:50 - 000000000 ____D C:\ivory
2019-07-14 19:30 - 2018-12-09 21:11 - 000000000 ___DC C:\Users\ming2\AppData\Roaming\uTorrent
2019-07-14 19:02 - 2019-03-07 00:22 - 000000000 ____D C:\WINDOWS\Panther
2019-07-14 19:02 - 2018-09-29 01:39 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2019-07-14 19:02 - 2018-09-29 01:39 - 000001908 _____ C:\WINDOWS\diagerr.xml
2019-07-14 18:01 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2019-07-14 17:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-14 17:52 - 2018-03-11 16:54 - 000000036 _____ C:\WINDOWS\progress.ini
2019-07-14 17:50 - 2018-03-09 23:52 - 000000733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2019-07-12 23:23 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-07-12 21:19 - 2018-02-04 16:23 - 000000000 ___DC C:\Users\ming2\AppData\Local\Packages
2019-07-12 21:18 - 2018-10-30 22:05 - 000000000 ___DC C:\Users\ming2\AppData\Local\ElevatedDiagnostics
2019-07-12 20:59 - 2018-09-29 01:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3589471471-3968619273-1564904599-1001
2019-07-12 20:59 - 2018-09-29 01:34 - 000002369 ____C C:\Users\ming2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-07 21:01 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-07 19:24 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-07 19:11 - 2019-06-16 18:23 - 000002410 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-07-07 19:11 - 2019-06-16 18:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-07-03 14:39 - 2018-03-16 16:00 - 000000000 ____D C:\ProgramData\CanonIJPLM
 
==================== Files in the root of some directories ================
 
2018-02-04 16:26 - 2019-07-17 20:46 - 000000182 ____C () C:\Users\ming2\AppData\Roaming\sp_data.sys
2018-02-08 07:07 - 2018-02-26 15:55 - 001065984 ____C () C:\Users\ming2\AppData\Local\file__0.localstorage
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ming2 (17-07-2019 20:49:48)
Running from C:\Users\ming2\Downloads
Windows 10 Home Single Language Version 1803 17134.407 (X64) (2018-09-28 23:39:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3589471471-3968619273-1564904599-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3589471471-3968619273-1564904599-503 - Limited - Disabled)
Guest (S-1-5-21-3589471471-3968619273-1564904599-501 - Limited - Disabled)
ming2 (S-1-5-21-3589471471-3968619273-1564904599-1001 - Administrator - Enabled) => C:\Users\ming2
WDAGUtilityAccount (S-1-5-21-3589471471-3968619273-1564904599-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.67 - NVIDIA Corporation) Hidden
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.13 - ASUS)
Asus Sonic Suite Plugins (HKLM-x32\...\{d555d60b-d333-4c38-ad0e-0f3049b81c41}) (Version: 2.0.34 - ASUSTeKcomputer.Inc)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.6-332 - House of Life)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Canon G3010 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_G3010_series) (Version: 1.00 - Canon Inc.)
Canon G3010 series On-screen Manual (HKLM-x32\...\Canon G3010 series On-screen Manual) (Version: 1.0.0 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.05.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CheckDevicesConfigurator (HKLM\...\{25EA28D9-7BD5-46E1-89A1-02147CF0A4A7}) (Version: 2.0.3401 - ASUSTeKcomputer.Inc) Hidden
Crossout Launcher 1.0.3.75 (HKLM-x32\...\CrossOutLauncher_is1) (Version:  - )
Crossout Launcher 1.0.3.91 (HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\CrossOutLauncher_is1) (Version:  - )
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
DCS World (HKLM\...\DCS World_is1) (Version: 2.5 - Eagle Dynamics)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.7 - ASUSTek COMPUTER INC.)
DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
Dxtory version 2.0.142 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.142 - ExKode Co. Ltd.)
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
GameFirst IV (HKLM-x32\...\{370651DD-8ABF-4807-9533-0869FDF79BFA}) (Version: 1.5.31 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.31) (Version: 1.5.31 - ASUSTeK COMPUTER INC.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.2.0.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Ground Station 4.0.11 (HKLM-x32\...\{47B0D79A-8369-463F-A111-A3C24E208B73}) (Version: 4.0.11 - DJI Product)
Hearts of Iron IV Waking the Tiger (HKLM-x32\...\Hearts of Iron IV Waking the Tiger_is1) (Version:  - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 8.0.1.303 - Huawei Technologies Co.,Ltd)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
Intel Security Software Manager (HKLM\...\Intel Security Software Manager) (Version: 1.1.107.0 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
InterBase 6.5 (HKLM-x32\...\InterBase) (Version:  - )
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LauncherSetup (HKLM\...\{B9FCF2A8-67FE-444D-A26F-C656A9A08B54}) (Version: 2.0.3401 - ASUSTeKcomputer.Inc) Hidden
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.78 - McAfee, LLC.)
Microsoft Office 365 - ar-sa (HKLM\...\O365HomePremRetail - ar-sa) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office 365 - tr-tr (HKLM\...\O365HomePremRetail - tr-tr) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26608 (HKLM-x32\...\{14b0e021-2fba-4fa5-ba97-e92df20267fa}) (Version: 14.15.26608.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26608 (HKLM-x32\...\{3442067b-bd8a-4af4-a129-9769e4e29a07}) (Version: 14.15.26608.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Movavi Video Converter 19 Premium (HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Movavi Video Converter 19 Premium) (Version: 19.2.0 - Movavi)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
NahimicSettingsConfigurator (HKLM\...\{B0C3F386-FAD9-48F8-AA7D-43BA6ABA891C}) (Version: 2.0.3401 - ASUSTeKcomputer.Inc) Hidden
NEKOPARA Vol  0 (HKLM-x32\...\NEKOPARA Vol  0_is1) (Version:  - )
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0401-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041F-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0816-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.22 (HKLM\...\{85307853-1C18-4D00-AA0B-B561502BD7C0}) (Version: 5.2.22 - Oracle Corporation)
ProductDaemonSetup (HKLM\...\{81C30475-7662-4753-9B8B-C1730C74730B}) (Version: 2.0.3401 - ASUSTeKcomputer.Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.0.3 - ASUS)
ROG MacroKey (HKLM-x32\...\{1101D2B9-7E8C-4361-88D5-AB0A2EB705EC}) (Version: 1.0.6 - ASUS)
Rust (2112/6.09.2018) (HKLM\...\Rust (2112/6.09.2018)) (Version:  - )
SonicRadarSetup (HKLM\...\{65AFFD10-3043-4065-B9A2-9DD4C35AAD87}) (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (HKLM\...\{0111777E-C60C-493D-BE55-CF8B02764327}) (Version: 2.0.3401 - ASUSTeKcomputer.Inc) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Subnautica.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
Thunderbolt™ Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
uTorrent Web (HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\utweb) (Version: 0.12.0 - BitTorrent, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
War Thunder Launcher 1.0.3.168 (HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
West of Loathing (HKLM-x32\...\1154606028_is1) (Version: 1.0.3d - GOG.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (08/15/2016 11.0.0.13) (HKLM\...\A2DEE012DC7578575962E3ACBE995AE145C87914) (Version: 08/15/2016 11.0.0.13 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)
 
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.0.2.0_x86__kgqvnymyfvs32 [2018-12-10] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.127.300.0_x86__kgqvnymyfvs32 [2018-12-03] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.7.0.1_neutral__6e5tt8cgb93ep [2018-03-18] (Canon Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe [2018-12-11] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_3.7.0.7_x86__h6adky7gbf63m [2018-12-08] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-09-26] (Microsoft Corporation) [MS Ad]
Microsoft People -> C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe [2018-10-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2018-12-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.8.24.0_x64__8wekyb3d8bbwe [2018-12-11] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-09-03] (Microsoft Corporation) [MS Ad]
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-04] (ASUSTeK COMPUTER INC.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.89.355.0_x64__mcm4njqhnhss8 [2018-12-11] (Netflix, Inc.)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.8.1128.0_x64__jhretta7p24aw [2018-12-07] (Kdan Mobile Software Ltd.) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-02-07] (Samsung Electronics Co. Ltd.)
WPS Office -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice_10.2.5831.0_x86__924xes6e8q1tw [2018-02-04] (ms-resource:Resources/PublisherDisplayName)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-01-01] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-13 07:17 - 2016-10-13 07:17 - 000125440 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2016-11-11 00:18 - 2016-11-11 00:18 - 000086528 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2016-11-11 00:18 - 2016-11-11 00:18 - 002573312 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe
2016-11-11 00:21 - 2016-11-11 00:21 - 000259072 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe
2018-02-21 03:12 - 2018-02-21 03:12 - 001221120 _____ () [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\avcodec-57.dll
2018-02-21 03:12 - 2018-02-21 03:12 - 000796160 _____ () [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\avformat-57.dll
2018-02-21 03:12 - 2018-02-21 03:12 - 000446976 _____ () [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\avutil-55.dll
2018-02-21 03:12 - 2018-02-21 03:12 - 000146944 _____ () [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\swresample-2.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000055808 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2016-10-13 07:17 - 2016-10-13 07:17 - 000165888 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2018-08-08 10:09 - 2001-11-29 01:50 - 000032768 _____ (Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
2018-08-08 10:09 - 2001-11-29 01:50 - 001769472 _____ (Borland Software Corporation) [File not signed] C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
2018-03-18 14:39 - 2017-07-05 13:43 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2018-03-16 15:59 - 2017-05-02 09:06 - 000123904 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJPLM\CNMPU.DLL
2018-03-18 14:39 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2018-08-23 14:42 - 2018-08-23 14:42 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2017-09-08 21:04 - 2017-09-08 21:04 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll
2017-09-08 21:04 - 2017-09-08 21:04 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2018-02-21 03:12 - 2018-02-21 03:12 - 001272320 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\LIBEAY32.dll
2018-02-21 03:12 - 2018-02-21 03:12 - 000278528 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\ming2\AppData\Roaming\uTorrent Web\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 23:03 - 2018-12-04 21:29 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
2018-07-20 11:45 - 2018-07-31 10:53 - 000000511 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
192.168.137.1 DESKTOP-KA7J4FM.mshome.net # 2023 7 0 30 8 53 30 210
192.168.137.12 RODINAMATZOVET.mshome.net # 2018 8 2 7 8 53 30 210
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Borland\Delphi7\Bin;C:\Program Files (x86)\Borland\Delphi7\Projects\Bpl\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ming2\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c2194b8b-c9a4-4198-96a8-aecc1fe58b7f}.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{907EF30B-CABE-43AB-AC8C-7AAC3D134F6C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3F9906C-9EBE-4743-8D01-68FBDD9DD3A2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F42EEB18-9BD7-4BAA-918C-F993BB11BFEC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BF58E9F6-E1C1-4D8A-A737-3868125B7AFB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8628B7E7-8E5B-4951-9545-237A29047445}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{811288A7-5DA0-4FC4-8D73-F1403E9EF85E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B678B49-2CC9-46D3-BA60-3A3418436E13}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{81FCEFA8-6AFD-4C09-80EC-6FB23D23D820}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89817988-906D-42FA-87D5-381FD58C40EB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BA80EE48-EF47-42EE-ADC5-CDC5C9A86290}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{22940046-8BF5-4585-9B6A-2F7211F0825F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4FF5558E-D42F-4A9A-BBD7-74E1D4613B05}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{3ECC70D7-F93E-45F7-A563-D79F1549B754}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{157C066B-E9B7-42E3-8BB0-F9B2BEEE9EBC}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{AFAC1047-0B7D-4592-BAA7-C0F0D8EE73E3}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{81321D18-A8E8-4AF3-86E8-BEA7853069DC}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{5842D391-118E-4B58-90D3-8FE070DDC32D}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe (大疆创新科技有限公司 -> ) [File not signed]
FirewallRules: [TCP Query User{3BDB112F-4AB1-4466-85B1-8FDD76BC8429}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe (大疆创新科技有限公司 -> ) [File not signed]
FirewallRules: [{6A017BEA-7094-4499-80F5-9F7F2A374169}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{63FCC68F-B35D-47F3-AD3D-9F6BD6AE49CB}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AE6A5BFC-4EAD-4B61-991D-7E9CFC00AA12}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E9B4BCF-5614-42F4-A7EA-2F1C8F7AFDBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D9671DFE-A088-468E-9F37-CB3D484D8FC9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{3594CFEA-995F-4043-AA1A-3A2B23FE97FE}] => (Allow) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGCAndroidService.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{0602CF54-0B86-4F98-AB92-DA64F1084053}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CE792659-28F8-44E2-9AD2-B86B3D87688A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{733417E5-B3DB-49A2-9A0B-5F87204EEBC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{13781CFC-026E-4D7C-A3D2-23D993C33E63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9D109623-346C-4146-94A1-5F287030DE68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{91BEDDD1-C006-4FB3-B319-737A94FA92AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B3109EDD-2114-442F-98E4-13FACD8492D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2F20194D-1AA0-4485-ACDD-793D4A5F22C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8794EC28-7CA5-430C-980F-B87037C90D05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA55D71D-126B-4624-B04F-3732509DBF74}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2C1D2DFF-3E76-4CA0-9CB6-93B234EB1101}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A83B9630-24A2-4C35-8DA6-5DDA3F5E782E}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7E047D02-3D88-43B3-A5BA-4CDE9AC484DD}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{78A357D3-A5DB-404C-A4B0-CC6221889115}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0267A1E3-59BA-418D-909E-13F1CD66E8D3}] => (Allow) C:\Users\ming2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3994890C-93B1-4394-BBC1-E8CA6808EE03}] => (Allow) C:\Program Files\SE7EN\No Mans Sky\7launcher\tools\aria2\aria2c.exe (Rainsky Evgeny Valeryevich -> )
FirewallRules: [{E3B90B4E-C651-44E6-8169-113A084597C0}] => (Allow) C:\Program Files\SE7EN\No Mans Sky\7launcher\tools\aria2\aria2c.exe (Rainsky Evgeny Valeryevich -> )
FirewallRules: [{BA195E0A-5A5F-4232-A9DC-132578D4A113}] => (Allow) C:\Program Files\SE7EN\No Mans Sky\Run_NMS.exe (Rainsky Evgeny Valeryevich -> SE7EN Solutions)
FirewallRules: [{B2C32366-0869-4759-9272-D564DE2BE6C6}] => (Allow) C:\Program Files\SE7EN\No Mans Sky\Run_NMS.exe (Rainsky Evgeny Valeryevich -> SE7EN Solutions)
FirewallRules: [TCP Query User{0F5C6AA9-134E-4639-84EC-4511EF59E000}D:\crossout\launcher.exe] => (Allow) D:\crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{796D80B6-0C97-42B1-B334-AE628F6B1B94}D:\crossout\launcher.exe] => (Allow) D:\crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{1EBAEB4C-1B8C-4C20-B4AA-17F0DA4ABD2A}] => (Allow) D:\STM\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{24F6320D-41AF-4AF5-8933-161BF12A2569}] => (Allow) D:\STM\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1AC9B28A-C6C9-4B20-ACBF-96179228D558}D:\bin\dcs.exe] => (Block) D:\bin\dcs.exe (The Fighter Collection -> Eagle Dynamics)
FirewallRules: [UDP Query User{CE3B7A36-1C8A-4C5B-9EA5-1A34DD1A25A8}D:\bin\dcs.exe] => (Block) D:\bin\dcs.exe (The Fighter Collection -> Eagle Dynamics)
FirewallRules: [{6CA942BE-FEB9-4AD0-9087-9EC0B22DDD69}] => (Allow) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{151FB6C2-CD14-4130-AB4F-DC8173046BAF}] => (Allow) D:\STM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{52C89D19-E393-4729-B4B1-1356E740B30C}] => (Allow) D:\STM\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{69A2216F-BC9A-4F6B-878B-AD8F906B6430}] => (Allow) D:\STM\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{A2450993-B0F4-4B17-9F36-79687BF564E5}D:\stm\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\stm\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{B4ABA80C-DAA9-445C-A726-EC96A24F8755}D:\stm\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\stm\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{A8A464D2-41EC-4A18-96CD-C7A8F1CF5312}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2019 11:26:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinStore.App.exe, version: 11810.1001.12.0, time stamp: 0x5bdcde4a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17134.376, time stamp: 0x35659a8d
Exception code: 0xc000027b
Fault offset: 0x00000000006a56b2
Faulting process id: 0x3118
Faulting application start time: 0x01d53b53d90e0057
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: b3f07e05-cce5-4a27-8a0f-3784f77032d7
Faulting package full name: Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (07/15/2019 11:23:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/15/2019 11:23:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b1e3ac5a-3eb0-4a95-a149-b881c3812c23}
 
Error: (07/14/2019 07:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.45283, time stamp: 0x5d0a9962
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x5824818b
Exception code: 0xc000041d
Fault offset: 0x00005c69
Faulting process id: 0x2d00
Faulting application start time: 0x01d53a69ce0abbcd
Faulting application path: C:\Users\ming2\AppData\Roaming\uTorrent\updates\3.5.5_45283\utorrentie.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 7e058687-08b5-4560-a805-acdbd23b85b1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/14/2019 07:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.45283, time stamp: 0x5d0a9962
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x5824818b
Exception code: 0xc000041d
Fault offset: 0x00005c69
Faulting process id: 0x38ec
Faulting application start time: 0x01d53a69242ac5e7
Faulting application path: C:\Users\ming2\AppData\Roaming\uTorrent\updates\3.5.5_45283\utorrentie.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 4c545274-5653-4fec-b7ca-7825624501e6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/14/2019 07:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.45283, time stamp: 0x5d0a9962
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x5824818b
Exception code: 0xc000041d
Fault offset: 0x00005c69
Faulting process id: 0x3548
Faulting application start time: 0x01d53a691e2d1248
Faulting application path: C:\Users\ming2\AppData\Roaming\uTorrent\updates\3.5.5_45283\utorrentie.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: dec1d6da-d74d-4b8c-b6fc-545eba6510dc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/14/2019 06:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.45283, time stamp: 0x5d0a9962
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x5824818b
Exception code: 0xc000041d
Fault offset: 0x00005c69
Faulting process id: 0x45c4
Faulting application start time: 0x01d53a631664fff3
Faulting application path: C:\Users\ming2\AppData\Roaming\uTorrent\updates\3.5.5_45283\utorrentie.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 05e33a05-2900-4438-ae18-4f1f7553552e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/14/2019 05:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.45283, time stamp: 0x5d0a9962
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x5824818b
Exception code: 0xc000041d
Fault offset: 0x00005c69
Faulting process id: 0x444c
Faulting application start time: 0x01d53a5abbf944bb
Faulting application path: C:\Users\ming2\AppData\Roaming\uTorrent\updates\3.5.5_45283\utorrentie.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 1ec658d8-acdf-4c85-a060-7c58ede385a3
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/17/2019 08:46:46 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KA7J4FM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-KA7J4FM\ming2 SID (S-1-5-21-3589471471-3968619273-1564904599-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2019 03:23:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/16/2019 06:26:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KA7J4FM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-KA7J4FM\ming2 SID (S-1-5-21-3589471471-3968619273-1564904599-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/16/2019 05:47:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/16/2019 05:43:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/16/2019 05:43:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ming2\AppData\Local\Temp\ehdrv.sys
 
Error: (07/16/2019 05:43:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (07/16/2019 05:43:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ming2\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
===================================
Date: 2018-12-02 22:15:53.982
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EC1693E1-E492-4C2F-8F10-4EE8DFBD560C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-02 18:34:03.521
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {83D8F154-7359-4BCF-AFA4-18632285C05B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-10-24 06:04:55.019
Description: 
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 2291308795
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.236.0, AS: 1.279.236.0
Engine Version: 1.1.15400.4
Fidelity Label:  Medium
Target File Name:  c:\windows\\system32\ntoskrnl.exe
 
Date: 2018-10-22 02:08:53.331
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F761CF7A-D0C9-40DA-B4DF-472BB9457427}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-10-22 02:07:59.981
Description: 
Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 2302377808
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.236.0, AS: 1.279.236.0
Engine Version: 1.1.15400.4
Fidelity Label:  Medium
Target File Name:  c:\windows\\system32\ntoskrnl.exe
 
Date: 2018-12-15 12:14:01.079
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-12-15 10:54:23.985
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.369.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-12-15 10:54:23.985
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.369.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-12-15 10:54:23.985
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.369.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-12-15 10:54:23.976
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.369.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2019-07-16 17:48:30.000
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.997
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.995
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.991
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.724
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.696
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.
 
Date: 2019-07-16 17:48:29.589
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. G752VSK.304 11/17/2017
Motherboard: ASUSTeK COMPUTER INC. G752VSK
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 16340.46 MB
Available physical RAM: 9682.49 MB
Total Virtual: 18772.46 MB
Available Virtual: 10834.57 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:163.66 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:781.91 GB) NTFS
Drive e: (WIRELESS NVR KIT) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
 
\\?\Volume{1995c5dd-fa55-43fc-9791-8fbb23fe8f37}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS
\\?\Volume{af1237ce-f1b1-42cb-adb7-d573dca5bfbd}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9077E21C)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 247699B9)
 
Partition: GPT.
 

==================== End of Addition.txt ============================

Thanks again.




#11
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

Is the time on your computer set correctly?

---------------------------------------------------

Do you recognize this registry entry?
 

HKLM\...\Policies\Explorer: [HideSCAHealth] 1


---------------------------------------------------
Some remnants to clean up:

Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    EmptyTemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Answers to my questions.
  • Fixlog.txt


#12
PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi, iMacg3,

I do not recognize the registry entry and the time on my PC is set correctly. Here is the file you asked for.

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ming2 (18-07-2019 19:28:23) Run:2
Running from C:\Users\ming2\Downloads
Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
EmptyTemp:
 
*****************
 
Restore point was successfully created.
"Firefox newtab" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9694610 B
Java, Flash, Steam htmlcache => 7100041 B
Windows/system/drivers => 2575184 B
Edge => 2142281 B
Chrome => 71744157 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2720 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
ming2 => 254640 B
Administrator => 0 B
 
RecycleBin => 8006751301 B
EmptyTemp: => 7.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:29:13 ====
 
 
Thank you.


#13
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi PancakeOfSteel,

This script will remove the registry entry:
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
  • Please copy and paste its contents into your reply.
---------------------------------------------------

Re-run a scan with AdwCleaner. If any threats are detected, please post the AdwCleaner[Sxx].txt log.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[Sxx].txt (if applicable)


#14
PancakeOfSteel

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi again, iMacg3, here are the files:

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ming2 (20-07-2019 18:18:37) Run:3
Running from C:\Users\ming2\OneDrive\Desktop
Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
 
==== End of Fixlog 18:18:37 ====

AdwCleaner[S02].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-07-15.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-20-2019
# Duration: 00:00:07
# OS:       Windows 10 Home Single Language
# Scanned:  27411
# Detected: 3
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
 
 
AdwCleaner[S00].txt - [2355 octets] - [15/07/2019 23:30:46]
AdwCleaner[S01].txt - [2416 octets] - [16/07/2019 17:26:40]
AdwCleaner[C01].txt - [2376 octets] - [16/07/2019 17:27:04]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
 
Thank you.


#15
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Re-run AdwCleaner and click Scan. Ensure all listed threats are checked and click Clean and Repair.
Once complete, click View Log File and a log (AdwCleaner[Cxx].txt) will open in Notepad. Please post its contents in your reply.