Avira Antivirus Pro - Review 2020 - PCMag India

Posted: 11 Jun 2020 12:00 AM PDT

Every computer needs antivirus protection, and one way companies can support that aim is to provide free antivirus to the masses. But these companies can't survive unless some users shell out their hard-earned cash for paid antivirus utilities. Piling on pro-only tools and components is one way companies encourage upgrading to a paid antivirus. Avira Antivirus Pro adds several components not available to users of Avira Free Security, but they don't really add much value. The biggest reason to pay for it is if you want to use Avira in a commercial setting, which isn't allowed with the free version.

Avira's pricing is undeniably on the high side, with a list price of $59.88 per year for one license, $71.88 for three, and $95.88 for five. Admittedly, it seems to be perpetually on sale; just now, the one-license price is discounted to $44.99. That…

PC possibly infected - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer


Posted: 11 Apr 2020 05:01 AM PDT

Hi, I would like some help seeing if my PC is infected. I had ESET before it expired and it did quarantine some files which I think were Google Chrome adware, but I use Microsoft Edge now because I was paranoid of Google Chrome. I really don't know if there was anything else. My ESET license expired so now I am very paranoid that I am at risk. FL Studio was cracked on my PC a year ago and later removed and I'm pretty sure the keygen was not detected with how those things work. I'm not sure if there's anything else wrong with my PC because it still operates normally. The only problem I had was that my desktop turned black when I had a picture and I think there are some weird startup programs. My bank accounts and passwords should be safe(?) because I use different passwords and 2FA on everything I can. I just hope to god my files on my PC are safe. I've been paranoid for months! I went through the preparation guide by backing up my drives and I also ran Farbar Recovery Scan Tool. This is my first PC and I hope someone can help me so I can stop being paranoid (I quit THC and nicotine for 2 weeks now, yay)!

PS: I can attach some quarantine logs if it helps.

FRST log results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2020
Ran by Hung (administrator) on HUNG (Micro-Star International Co., Ltd MS-7B86) (11-04-2020 04:30:13)
Running from C:\Users\Hung\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Hung (Available Profiles: Hung)
Platform: Windows 10 Pro Version 1903 18362.720 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Mega Limited -> Mega Limited) C:\Users\Hung\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeDevTools.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.710_none_5f52d84058d0677f\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Spotify AB -> Spotify Ltd) C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe
(Surfshark Ltd. -> Iain Patterson) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [183088 2019-12-13] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Run: [Discord] => C:\Users\Hung\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Run: [Spotify] => C:\Users\Hung\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [3765200 2020-03-18] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\Users\Hung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-03-08]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Hung\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01F75594-AA24-4B27-A847-9DB629A00746} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {07D225C4-AAA8-4AD9-A3D8-4C14A68220B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16B659CA-CB59-4C25-BFA6-7F94676735E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41707C1B-71C6-4FFE-8427-2121C5F499A1} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4CA19139-2E60-45FF-A253-F72BC8D8ECD3} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {578ED41F-444A-4113-82DD-E1287D92FB4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B7EDC07-2838-4917-9FF0-027C3D98E983} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Hung\Downloads\esetonlinescanner_enu.exe
Task: {6062A1EB-7D0C-4B99-9032-C241017B66C7} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe
Task: {62824730-59EB-40BD-9202-58EB96AE507B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {86AEBD9B-0BA9-4C2F-9D39-F21B864EFD39} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Hung\Downloads\esetonlinescanner_enu.exe
Task: {86E53B9D-306A-4A77-8801-8B505898A900} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88D58469-FB0D-402A-8DAE-1F6487584027} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {9BC13504-E018-4B82-9F27-D167BECF5CA2} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A52E03CB-16C9-464E-B912-10FF0D0AE117} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [891576 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CA659592-54F2-443A-B42E-64D616DB15A0} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {E62AB39E-2D23-4EF9-B3AC-145DB46B66F0} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EE7E09B1-580D-4F0E-BEB7-9CA2A8128DDA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{297f043b-a688-49ab-9844-290a6e85da74}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4443b02a-f54a-4dda-8e11-8fa5d522fc04}: [NameServer] 162.252.172.57,149.154.159.92
Tcpip\..\Interfaces\{4443b02a-f54a-4dda-8e11-8fa5d522fc04}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
Edge:
======
DownloadDir: B:\Downlaods
Edge Notifications: HKU\S-1-5-21-3414523710-2269299248-687328276-1001 -> hxxps://www.facebook.com; hxxps://www.youtube.com
FireFox:
========
FF DefaultProfile: 2gwlfzbp.default
FF ProfilePath: C:\Users\Hung\AppData\Roaming\Mozilla\Firefox\Profiles\2gwlfzbp.default [2020-03-13]
FF ProfilePath: C:\Users\Hung\AppData\Roaming\Mozilla\Firefox\Profiles\482uhftv.default-release [2020-04-05]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atiesrxx.exe [508632 2019-09-12] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-01-10] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-09-10] (AMD) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-03-24] (BattlEye Innovations e.K. -> )
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe\GamingServices.exe [21640 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [21640 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2019-04-16] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-02-17] (Surfshark Ltd. -> Iain Patterson)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [58144 2017-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atikmdag.sys [60634840 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atikmpag.sys [598224 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [102832 2019-05-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [135520 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [149944 2019-11-05] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [103264 2019-11-05] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [189512 2019-11-05] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50280 2019-02-27] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82472 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [116696 2019-12-13] (ESET, spol. s r.o. -> ESET)
R3 gameflt; C:\WINDOWS\System32\DriverStore\FileRepository\gameflt.inf_amd64_1b1c9965dc1c6f0f\gameflt.sys [71000 2019-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [662528 2019-03-18] (Microsoft Windows -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [213088 2018-01-12] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-02-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2020-01-13] (McAfee, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2019-05-22] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-12-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 Xvdd; C:\WINDOWS\System32\DriverStore\FileRepository\xvdd.inf_amd64_5ef00c58b02692b7\xvdd.sys [492376 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-11 04:27 - 2020-04-11 04:30 - 000000000 ____D C:\FRST
2020-04-11 04:13 - 2020-04-11 04:18 - 000000000 ____D C:\Users\Hung\Documents\NEW BACKUP FOLDERS FK U
2020-04-11 04:13 - 2020-04-11 04:13 - 000000000 ____D C:\Users\Hung\Documents\BACKUPS FK U
2020-04-11 03:58 - 2020-04-11 03:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2020-04-11 03:58 - 2020-04-11 03:58 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2020-04-07 22:04 - 2020-04-07 22:04 - 000000812 _____ C:\Users\Public\Desktop\iMazing.lnk
2020-04-07 22:04 - 2020-04-07 22:04 - 000000812 _____ C:\ProgramData\Desktop\iMazing.lnk
2020-04-07 22:04 - 2020-04-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2020-04-07 19:43 - 2020-04-06 11:48 - 1007038068 _____ C:\Users\Hung\Downloads\FL.Studio.Producer.Edition.20.6.1.1513.rar
2020-04-07 19:43 - 2020-04-06 11:24 - 449680957 _____ C:\Users\Hung\Downloads\Tableau_Desktop_Professional_Edition_2020.1.2.rar
2020-04-07 19:43 - 2020-04-06 11:17 - 1710252769 _____ C:\Users\Hung\Downloads\autodesk-autocad-2021-x64-p2p.rar
2020-04-07 19:43 - 2020-04-06 11:07 - 1942937253 _____ C:\Users\Hung\Downloads\ableton-live-suite-v10-1-9-multilingual-p2p.rar
2020-04-07 19:34 - 2020-04-07 19:34 - 000001100 _____ C:\Users\Hung\Desktop\WinDirStat.lnk
2020-04-07 19:34 - 2020-04-07 19:34 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2020-04-07 19:34 - 2020-04-07 19:34 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2020-04-06 11:08 - 2020-04-06 11:19 - 000000000 ____D C:\Users\Hung\Documents\MEGAsync Downloads
2020-03-31 23:21 - 2020-03-31 23:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-03-25 11:19 - 2020-03-25 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2020-03-24 18:32 - 2020-03-24 18:32 - 000000000 ____D C:\Users\Hung\AppData\Local\FPSAimTrainer
2020-03-24 17:32 - 2020-03-24 17:32 - 000000222 _____ C:\Users\Hung\Desktop\KovaaK 2.0 The Meta.url
2020-03-23 15:00 - 2020-03-23 15:00 - 000000000 ____D C:\Users\Hung\AppData\Local\Surfshark
2020-03-23 15:00 - 2020-03-23 15:00 - 000000000 ____D C:\Users\Hung\AppData\Local\IsolatedStorage
2020-03-22 01:43 - 2020-03-22 01:43 - 000031053 _____ C:\Users\Hung\Downloads\Academic Progress Report Spring 2020.pdf
2020-03-16 20:02 - 2020-03-16 20:04 - 000000000 ____D C:\Users\Hung\Documents\Ableton
2020-03-16 20:02 - 2020-03-16 20:02 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Ableton
2020-03-16 20:02 - 2020-03-16 20:02 - 000000000 ____D C:\Users\Hung\AppData\Local\Ableton
2020-03-16 19:25 - 2020-03-16 19:25 - 000000398 __RSH C:\ProgramData\ntuser.pol
2020-03-13 16:23 - 2020-04-05 01:55 - 000000000 ____D C:\Users\Hung\AppData\LocalLow\Mozilla
2020-03-13 16:23 - 2020-03-13 16:23 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Mozilla
2020-03-13 16:23 - 2020-03-13 16:23 - 000000000 ____D C:\Users\Hung\AppData\Local\Mozilla
2020-03-13 16:23 - 2020-03-13 16:23 - 000000000 ____D C:\ProgramData\Mozilla
2020-03-13 08:09 - 2020-03-13 08:09 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-03-13 08:09 - 2020-03-13 08:09 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-13 08:09 - 2020-03-13 08:09 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-13 08:09 - 2020-03-13 08:09 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-03-13 08:09 - 2020-03-13 08:09 - 004563416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-13 08:09 - 2020-03-13 08:09 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-03-13 08:09 - 2020-03-13 08:09 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-03-13 08:09 - 2020-03-13 08:09 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-03-13 08:09 - 2020-03-13 08:09 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-13 08:09 - 2020-03-13 08:09 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-03-13 08:09 - 2020-03-13 08:09 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-11 04:24 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-11 03:54 - 2019-02-17 19:41 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Spotify
2020-04-11 03:40 - 2019-02-17 19:26 - 000000000 ____D C:\Users\Hung\AppData\Local\D3DSCache
2020-04-11 03:19 - 2019-08-29 01:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-10 19:10 - 2019-11-13 19:47 - 000003088 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2020-04-10 19:10 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-10 19:10 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-09 17:27 - 2019-02-17 19:41 - 000000000 ____D C:\Users\Hung\AppData\Local\Spotify
2020-04-07 22:52 - 2020-01-09 12:04 - 000000000 ____D C:\Users\Hung\AppData\Roaming\iMazing
2020-04-07 22:04 - 2020-01-09 12:04 - 000000000 ____D C:\Users\Hung\AppData\Local\DigiDNA
2020-04-07 21:35 - 2019-02-17 19:42 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Apple Computer
2020-04-07 19:03 - 2019-11-02 21:03 - 000000000 ____D C:\Program Files\AMDProduct Verification Tool
2020-04-07 19:03 - 2019-02-17 19:40 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-07 00:37 - 2019-08-29 01:21 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-07 00:37 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-07 00:33 - 2019-08-29 01:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-07 00:32 - 2019-03-18 21:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-07 00:32 - 2019-02-17 19:41 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Discord
2020-04-07 00:32 - 2019-02-17 19:02 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-04-05 17:45 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-04 23:28 - 2019-02-17 19:47 - 000000000 ____D C:\Users\Hung\AppData\Local\ElevatedDiagnostics
2020-04-04 23:24 - 2020-02-14 11:38 - 000000000 ____D C:\Users\Hung\AppData\Local\Ubisoft Game Launcher
2020-04-02 03:12 - 2019-08-29 01:17 - 000000000 ____D C:\Users\Hung
2020-04-02 01:29 - 2019-02-17 19:08 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-31 02:16 - 2020-02-29 20:33 - 000000000 ____D C:\Program Files (x86)\Surfshark
2020-03-25 17:59 - 2020-02-29 20:32 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Surfshark
2020-03-25 11:22 - 2019-02-18 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-25 11:19 - 2020-02-29 20:33 - 000001018 _____ C:\Users\Public\Desktop\Surfshark.lnk
2020-03-25 11:19 - 2020-02-29 20:33 - 000001018 _____ C:\ProgramData\Desktop\Surfshark.lnk
2020-03-24 17:32 - 2019-02-21 00:42 - 000000000 ____D C:\Users\Hung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-03-24 13:34 - 2019-03-18 21:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-03-18 03:14 - 2020-03-08 01:11 - 000000000 ____D C:\Users\Hung\AppData\Local\MEGAsync
2020-03-16 20:14 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-03-16 19:25 - 2019-02-20 21:34 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2020-03-16 19:25 - 2018-09-15 00:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-03-13 09:15 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-13 09:15 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-13 08:10 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-03-12 03:07 - 2019-12-11 00:37 - 000052360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-03-12 03:07 - 2019-11-02 21:09 - 001340856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-03-12 03:07 - 2019-11-02 21:09 - 000149432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-03-12 03:07 - 2019-11-02 21:09 - 000088504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-03-12 03:07 - 2019-11-02 21:09 - 000031672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-03-12 00:05 - 2019-08-29 01:15 - 000267728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-12 00:05 - 2019-02-17 19:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-12 00:05 - 2019-02-17 19:04 - 000000000 ___RD C:\Users\Hung\3D Objects
2020-03-12 00:04 - 2019-03-18 23:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-12 00:04 - 2019-03-18 21:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-12 00:04 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\servicing
==================== Files in the root of some directories ========
2019-02-17 19:29 - 2019-10-28 17:38 - 000007608 _____ () C:\Users\Hung\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2020
Ran by Hung (11-04-2020 04:31:30)
Running from C:\Users\Hung\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Pro Version 1903 18362.720 (X64) (2019-08-29 08:22:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3414523710-2269299248-687328276-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3414523710-2269299248-687328276-503 - Limited - Disabled)
Guest (S-1-5-21-3414523710-2269299248-687328276-501 - Limited - Disabled)
Hung (S-1-5-21-3414523710-2269299248-687328276-1001 - Administrator - Enabled) => C:\Users\Hung
WDAGUtilityAccount (S-1-5-21-3414523710-2269299248-687328276-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Out of date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.9.2 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7D606B87-0AEB-4C27-ABCE-1138EE09777B}) (Version: 13.0.0.41 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Discord (HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
ESET Security (HKLM\...\{F26B2665-502A-4214-B336-BB723CF74E38}) (Version: 13.0.24.0 - ESET, spol. s r.o.)
iMazing 2.11.4.0 (HKLM\...\iMazing_is1) (Version: 2.11.4.0 - DigiDNA)
League of Legends (HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Spotify (HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfshark (HKLM-x32\...\{97BF3003-CFBB-472E-A316-EF81E56A680B}) (Version: 2.6.2000 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 2.6.2000) (Version: 2.6.2000 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{2F5D753E-329B-4BE7-BD58-360214A493CB}) (Version: 1.0 - Surfshark)
Uplay (HKLM-x32\...\Uplay) (Version: 102.0 - Ubisoft)
WinDirStat 1.1.2 (HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\WinDirStat) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Packages:
=========
DirectX -> C:\Program Files\WindowsApps\Microsoft.DirectXRuntime_9.29.952.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation)
DirectX -> C:\Program Files\WindowsApps\Microsoft.DirectXRuntime_9.29.952.0_x86__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation)
Gaming Services -> C:\Program Files\WindowsApps\Microsoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe [2020-03-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3414523710-2269299248-687328276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hung\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3414523710-2269299248-687328276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hung\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3414523710-2269299248-687328276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hung\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hung\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-02-05 05:24 - 2020-02-05 05:24 - 000270848 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x32\Surfshark.Firewall.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-04-11 03:58 - 2013-03-07 23:07 - 000056320 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Common.dll
2020-04-11 03:58 - 2013-03-07 23:07 - 000166400 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Win2008.x64.dll
2020-04-11 03:58 - 2013-03-07 23:07 - 000009728 _____ (Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2020-04-11 03:58 - 2013-03-07 23:27 - 002684928 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll
2017-09-13 23:37 - 2017-09-13 23:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-13 23:37 - 2017-09-13 23:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-13 23:37 - 2017-09-13 23:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-13 23:42 - 2017-09-13 23:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\imageformats\qwebp.dll
2017-09-13 23:37 - 2017-09-13 23:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\Hung\AppData\Local\MEGAsync\platforms\qwindows.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-09-10 17:47 - 2019-09-10 17:47 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\Hung\Application Data:19480092594194a127310869d618ccd6 [394]
AlternateDataStreams: C:\Users\Hung\ntuser.ini:NTV [12728]
AlternateDataStreams: C:\Users\Hung\AppData\Roaming:19480092594194a127310869d618ccd6 [394]
AlternateDataStreams: C:\Users\Hung\AppData\Local\Temp:$DATA​ [34]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 00:31 - 2020-03-04 04:47 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\Control Panel\Desktop\\Wallpaper -> B:\Downlaods\isk1sa03fz221.png
DNS Servers: 162.252.172.57 - 149.154.159.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3414523710-2269299248-687328276-1001\...\StartupApproved\Run: => "EADM"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D2FA4EBC-DB63-4DFA-9F0D-8FE744E0625D}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe No File
FirewallRules: [{1C620D1F-205F-41FB-9201-BB4F2533D1A1}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe No File
FirewallRules: [UDP Query User{898EF33A-46DB-4492-81B0-676544968B61}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe No File
FirewallRules: [TCP Query User{5A06D445-A559-4DF6-8905-62821B77ADF9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe No File
FirewallRules: [UDP Query User{BE110B9C-1408-49B3-85E6-4573C60A95A5}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{62CADB47-AD36-46E1-9F68-80B99F5CB2E6}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D05E9253-2764-4310-9DB6-BE258A4E7F94}C:\program files (x86)\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{959C462E-E86F-494D-854D-6F887B7E6C75}C:\program files (x86)\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe No File
FirewallRules: [{897761B1-657A-4BDF-9A03-8DDFFB1983B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{B2E7A910-4F2D-4F10-96A7-BEF616E21903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{FCBD8E57-C6AD-4EDC-9F05-3DB57BACD002}] => (Allow) C:\Riot Games\PBE\LeagueClient.exe No File
FirewallRules: [{BB15305C-5831-4E66-A1A8-E604A3A0BEDC}] => (Allow) C:\Riot Games\PBE\LeagueClient.exe No File
FirewallRules: [UDP Query User{D84DEEE9-8C26-4F20-8DA7-D02E83D5940A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{CEA8901C-E0B7-456E-8E35-118EF74EA897}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A1288CE0-E87F-46F7-8E58-37793D8F7A06}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{697E5CC2-6718-4BFF-BC3C-2423C42DCD86}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{31895957-76D3-41FF-B848-F6BDECE9B856}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B04EFF96-64AE-4672-9082-C168E6A7E292}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{696C8869-630C-4C0A-8163-4670563BFD7F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{90552EB8-C910-467E-AB02-085379AA9767}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A54A182C-0A83-44D7-A47A-B38D8EFDF55E}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe No File
FirewallRules: [TCP Query User{38598C81-0C06-45C0-8552-AF4EA1AE8705}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe No File
FirewallRules: [{51BD655A-6791-4108-A36D-0836EA481FDE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{BD83365C-8720-444D-986A-E62142D202F8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{B067AF74-DA23-4AD6-8DFD-4856AD2F5779}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{14049924-419B-4232-9E24-29086A3D129B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [UDP Query User{18D73439-5735-42E6-8784-142A34D5A962}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{59411A62-CEC6-4F8A-AD77-11679ACC22A8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{B9C6B516-2ED1-4AF6-BB44-E37008FBB45E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{C653309F-5C8A-468A-AA05-6F1ED3C873EA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A724C62D-C2C4-4A9C-BBDE-4EFE6D0CB341}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{410B4F34-2FEC-4283-A032-388B78E27B4B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A128E657-0843-4954-9E23-255885053D6C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{F6D7F78B-1D47-48F8-BB73-B7A6194BBD88}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [{7937D54C-1083-4DAC-B74E-976FF57FE8B6}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [{48CCFBBA-8A60-4907-AB72-FDED9C174BB0}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{FF4E7450-EC1C-47B6-8CE0-ABDF5C769AFD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{1F640A8B-5972-4469-978B-F2C5C9DE8527}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D306D77B-CCEB-4D0C-9A98-B31741E2E55E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{DADA0D6F-1CE9-4D48-B783-456F383184FB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe No File
FirewallRules: [{BC2334BC-9894-4F61-830C-12A0FF706816}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [{5E2F68BF-DB89-4E2B-BD26-B985D926F43D}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{66FA0938-8C2A-4A23-8DEA-60D0DFE51A8D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D2452E7F-21CB-4F90-9028-89FF4EC461EA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{9A2240FF-2E0A-4984-BA9B-AD84DB734CFE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{09F4AC2F-79A8-4773-8550-66B3B5C84718}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [{634715EA-62C2-43DB-B9DE-E284290EF7F7}] => (Block) C:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [{4E9A2AA1-FFDC-4CEE-BC0C-2DE4CAFFC460}] => (Block) C:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{B1911E0A-EC40-46CC-BF08-9F247E14F991}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{BF46FD6D-FC51-4E0F-A7B5-DB3B9D715E8C}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{11D8F62B-78FD-4E5D-AB75-E2C22CD7E1E0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{DE2954E2-862B-478B-AF69-B4904BF81E41}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{E548318B-7F6C-4812-B012-04E7EC436FF7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{EEDBC78E-7A49-42EF-B3EF-B0F5476BED83}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{DDDD5521-A423-452B-AF25-CC519EAAA230}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{1E03B9B6-375B-4882-A81D-48E5A7342A14}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [{FF13E7A2-DCD4-4957-AD01-6248A5871038}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BABA68A9-9E2B-43DC-8503-BB88556C7B17}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47EB3748-D6B5-4D94-91CE-E7BAF3EA0089}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [{44C57EC0-A1A2-4972-A389-F00DB639482D}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{2A46DD05-A015-4AF2-B164-AD4F0F2E0340}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{C5A0B951-C83C-4C9C-A6ED-FC43626E221A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [{2B94EBCC-CD1F-4230-B506-C4D89B3644F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B166643-0A11-45A5-A3E1-B80EBA4AFFAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{276301E3-95F2-4128-84EF-46F4A5D067A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3580D5E7-E7D5-493F-801D-355D00A98D00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A29C09A0-2B81-4904-A35C-00FA3C5A21D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CC1F6DE2-7DD6-4D35-B9BD-AF5F2D80649B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{5EB163A2-62FE-4981-AFF6-0F1C8847B3DA}C:\users\hung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E6F14224-8EBD-4A56-AC98-81DF3C667323}C:\users\hung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D46DE029-D6E9-4176-862D-14102F2AE848}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [UDP Query User{F626B80A-CA18-48EA-903F-6F8999CFD08A}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [TCP Query User{87F00261-52FB-484D-AF32-6AA819F96873}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [UDP Query User{EE6D4B55-2FA6-491D-B1B2-FD4DC97C9666}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [{3BC841D4-58E5-429F-9B2A-D603F22B08BE}] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [{6A2C2962-0031-4569-8098-3196C0D8FC1B}] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [TCP Query User{203B6C02-1BDC-4D29-B277-21273ABE9E69}C:\users\hung\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F0C6D3D5-D428-4B72-9E41-62863C6CA4DB}C:\users\hung\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{0A4062A8-8DA0-435B-A11D-FE52E65FA9C9}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{064E166F-7DD8-46BD-A271-570CD9025818}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{2B550E34-BDE7-431B-9548-40350F58EF39}C:\riot games\pbe\game\league of legends.exe] => (Allow) C:\riot games\pbe\game\league of legends.exe No File
FirewallRules: [UDP Query User{4564B000-39AB-4A74-864C-CE0C594C59F7}C:\riot games\pbe\game\league of legends.exe] => (Allow) C:\riot games\pbe\game\league of legends.exe No File
FirewallRules: [TCP Query User{3535AB90-92E5-493B-A5B8-1EF3DF4FF805}C:\users\hung\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\hung\appdata\local\citra\nightly-mingw\citra-qt.exe No File
FirewallRules: [UDP Query User{58EE6466-F836-417D-B532-F9FA259601B7}C:\users\hung\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\hung\appdata\local\citra\nightly-mingw\citra-qt.exe No File
FirewallRules: [{F1E7ADDF-E8C4-4EB8-BE99-929ED5FD4D5B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1270D4EC-1EBF-4107-A20E-6A964CB1C5F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54EFC043-0D92-49E0-A0E8-76F417C524D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1E270FC3-48D9-42CF-A093-73D71B0B3221}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F589AF7E-D212-4DDA-9A33-D2A0CA0D1EA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9ECF4771-344D-45A5-B3C4-AE6AB2F7E25D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{E64DBBE2-AB2D-47FC-B2F9-AF40E1576419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{87265F92-8C74-4A18-B84E-AC0253541BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{306A8D96-CFB5-4CEE-8568-908382B165A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{AB9C178E-D801-42BC-8CFC-436E70389D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{8DE0D19E-BA40-42FE-A63B-32EA4CD34F2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{2A3CA85D-FA32-4063-A23C-99809B10ABC7}] => (Allow) B:\SteamLibrary\steamapps\common\FPSAimTrainer\FPSAimTrainer.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7982A1C3-A44C-42B1-877D-99A69A136BB6}] => (Allow) B:\SteamLibrary\steamapps\common\FPSAimTrainer\FPSAimTrainer.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{56D0BB2A-B33C-4653-8FFE-7E6FD9661C0E}B:\steamlibrary\steamapps\common\fpsaimtrainer\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe] => (Allow) B:\steamlibrary\steamapps\common\fpsaimtrainer\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe () [File not signed]
FirewallRules: [UDP Query User{4A0097C8-67F3-4C5E-BD34-1DF617E120E1}B:\steamlibrary\steamapps\common\fpsaimtrainer\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe] => (Allow) B:\steamlibrary\steamapps\common\fpsaimtrainer\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe () [File not signed]
==================== Restore Points =========================
09-04-2020 00:34:14 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (04/11/2020 04:30:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (27624,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/11/2020 04:18:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {281ddd87-6739-4283-9083-0fc8a74a840b}
Error: (04/11/2020 04:08:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/11/2020 03:54:31 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9488,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/11/2020 03:46:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17500,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/11/2020 03:31:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (25516,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/10/2020 10:52:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11124,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/10/2020 10:45:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (20976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (04/09/2020 11:28:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (04/07/2020 05:04:36 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
Error: (04/07/2020 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/06/2020 03:26:15 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
Error: (04/06/2020 03:26:02 AM) (Source: DCOM) (EventID: 10010) (User: HUNG)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (04/04/2020 06:37:03 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
Error: (04/02/2020 01:19:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:54:10 AM on 4/2/2020 was unexpected.
Error: (03/31/2020 05:14:10 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Windows Defender:
===================================
Date: 2020-04-06 02:53:17.347
Description:
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2020-04-06T09:53:17.347Z
Path: \Device\HarddiskVolume4
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.313.861.0
Engine Version: 1.1.16900.4
Product Version: 4.18.2003.8
Date: 2020-04-06 02:41:42.227
Description:
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2020-04-06T09:41:42.227Z
Path: \Device\HarddiskVolume7
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.313.861.0
Engine Version: 1.1.16900.4
Product Version: 4.18.2003.8
Date: 2020-03-27 16:22:31.821
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {86A11C48-76EF-4FA3-8477-982ABCBB3C4D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-03-08 11:27:16.293
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {22E08B66-E7DC-47F6-BFA6-1CC688A4AFED}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-03-24 13:34:38.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2020-03-11 18:56:06.534
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.918.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16800.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2020-04-11 04:31:08.209
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-04-11 04:31:08.208
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-04-11 04:29:42.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-11 04:29:42.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-11 04:29:42.991
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-11 04:29:42.991
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-11 04:24:34.569
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-04-11 04:24:34.569
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. A.30 11/06/2018
Motherboard: Micro-Star International Co., Ltd B450-A PRO (MS-7B86)
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 16335.08 MB
Available physical RAM: 8456.35 MB
Total Virtual: 31230.02 MB
Available Virtual: 15220.85 MB
==================== Drives ================================
Drive b: (HHD) (Fixed) (Total:799.87 GB) (Free:428.65 GB) NTFS
Drive c: () (Fixed) (Total:465.16 GB) (Free:214.93 GB) NTFS
\\?\Volume{e4fec26a-ae83-403d-88e4-5e95e23c50af}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{20435e03-4f42-4569-a976-ea171e9dbcbf}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
==================== End of Addition.txt =======================

Edited by hungmao99, Today, 07:24 AM.
