Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by kkory (11-12-2019 05:30:52)
Running from C:\Users\kkory\Downloads
Windows 10 Home Version 1909 18363.476 (X64) (2019-12-02 17:10:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3105727912-594040118-960013747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3105727912-594040118-960013747-503 - Limited - Disabled)
Guest (S-1-5-21-3105727912-594040118-960013747-501 - Limited - Disabled)
kkory (S-1-5-21-3105727912-594040118-960013747-1007 - Administrator - Enabled) => C:\Users\kkory
volko (S-1-5-21-3105727912-594040118-960013747-1008 - Limited - Enabled) => C:\Users\volko
WDAGUtilityAccount (S-1-5-21-3105727912-594040118-960013747-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
ControlCenter2.0 v1.0.23 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 1.0.23 - Control Center)
ControlCenter2.0 v1.0.23 (HKLM-x32\...\{9DEBB85B-3979-4B50-BDF7-3D628D2205ED}) (Version: 1.0.23 - Control Center) Hidden
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.)
ESET Security (HKLM\...\{6D46484B-0BE2-4060-9CD3-FA87ED960ED9}) (Version: 13.0.22.0 - ESET, spol. s r.o.)
FormatFactory 4.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 4.9.5.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5017 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
Life App Explorer (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Host App Service) (Version: 0.273.2.684 - SweetLabs)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 71.0 (x64 en-GB)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
NVIDIA 3D Vision Driver 389.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 389.27 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 389.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 389.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20332 - Microsoft Corporation) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{E3E3C1D4-6886-4EDB-9F12-335641465055}) (Version: 4.17.9800 - Apache Software Foundation)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.21304 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8433 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SupportAPP (HKLM\...\{0000A0AB-3A12-1EF4-A21C-9ADE1843AB04}) (Version: 1.1 - )
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WebDiscover Browser 4.27.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 4.27.2 - WebDiscover Media) <==== ATTENTION
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08 [2019-12-05] (AMZN Mobile LLC.) [Startup Task]
Dolby Audio Premium -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudioPremium_2.1001.237.0_x64__rz1tebttyb220 [2018-05-15] (Dolby Laboratories)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2019-12-02] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1907.2503_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.9231.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.8.1911.0_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_1.7.10190.0_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-12-02] (Realtek Semiconductor Corp)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll [2019-09-25] (Free Time) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll [2019-09-25] (Free Time) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-05 19:55 - 2019-12-05 19:55 - 069550592 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\Alexa.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\e_sqlite3.dll
2019-12-02 13:52 - 2019-12-02 13:52 - 000009216 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\ImagePipelineNative.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000104448 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\libpryon_lite.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000054272 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\Reaver.Components.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000027648 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\Reaver.Http.Curl.Shim.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000032768 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\Reaver.Intel.Shim.dll
2019-12-05 19:25 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-12-05 19:55 - 2019-12-05 19:55 - 000098816 _____ (Facebook, Inc.) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\yoga.dll
2019-12-02 17:05 - 2018-04-18 00:25 - 000874880 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-12-02 17:05 - 2018-04-18 00:25 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 002418688 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\libcurl.dll
2018-05-15 12:40 - 2016-10-11 13:52 - 002061824 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\audio10ec.dll
2018-05-15 12:40 - 2007-12-03 11:33 - 000204800 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\DataAddress.dll
2018-05-15 12:40 - 2016-10-11 20:01 - 002037248 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\powerlife.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000442368 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\bass.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000108032 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\bassmidi.dll
2019-12-05 19:55 - 2019-12-05 19:55 - 000041472 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.7.54.0_x64__22t9g3sebte08\bassmix.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3105727912-594040118-960013747-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{302FD0E4-A7D0-41C7-8E8D-465F516B8818}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{26385EA7-D7ED-4196-A1BF-D28123B69074}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{2B8DC37E-CB12-4AF4-B610-26DA980D031E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{947016BF-5B07-469B-BBEB-60805C9317DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{10580E1F-3460-4685-A8E1-B54A9B04EC90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E2E7E1CF-DD4F-46FB-B1D1-A605B6B402F3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{F85C894C-6656-47A8-9C0C-7DCFBBD1F2B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{97901FFE-E76A-4233-B731-7B2624E7F617}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{346F28D5-A10C-43F6-BB45-E4F0F6DB2813}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{26161BEE-861A-4333-8211-690ECCE5BE80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C2C67445-0E2D-4594-BC55-F68CB0D949D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A7D2AB1A-5A3A-46E2-A8BE-D6931715F38C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8B855546-1355-4A88-A84C-5DED2C7D29B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EE74B42-9357-4378-B0C1-6D071CC872F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A3B5702D-54A5-437E-A5F7-D13308772C0C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CEF5335B-7D79-421C-B435-D1767F40DDD3}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{21FE19C2-03AF-4908-BE0B-53385383DE89}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{5BB1A6D3-96E4-40B8-B185-3A6AE4BE765D}] => (Block) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{EE230E68-54A8-4707-B748-368E946CEC1C}] => (Block) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)

==================== Restore Points =========================

02-12-2019 17:18:47 Windows Update
02-12-2019 17:51:29 afterupdates
05-12-2019 19:20:56 Language Pack Removal
11-12-2019 03:41:22 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2019 03:52:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 20232 and the required size was 35248.

Error: (12/11/2019 03:34:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AuxSwitch.exe, version: 1.0.0.1, time stamp: 0x580db540
Faulting module name: AuxSwitch.exe, version: 1.0.0.1, time stamp: 0x580db540
Exception code: 0xc0000409
Fault offset: 0x00020713
Faulting process ID: 0x2070
Faulting application start time: 0x01d5afd3ec849cb1
Faulting application path: C:\Program Files (x86)\Hotkey\AuxSwitch.exe
Faulting module path: C:\Program Files (x86)\Hotkey\AuxSwitch.exe
Report ID: fe488d1b-41fb-479d-bc61-3e10c4afb626
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/11/2019 03:34:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 6.15.10.5017, time stamp: 0x5aba5f2c
Faulting module name: igfxext.exe, version: 6.15.10.5017, time stamp: 0x5aba5f2c
Exception code: 0xc0000005
Fault offset: 0x000000000000e9b4
Faulting process ID: 0x1ea8
Faulting application start time: 0x01d5afd3ec8c7709
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxext.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxext.exe
Report ID: 4e0d25b0-a581-4759-999e-ec8015621585
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/11/2019 02:18:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/11/2019 02:18:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/11/2019 02:18:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/11/2019 02:18:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/11/2019 02:18:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: ERAZER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).


System errors:
=============
Error: (12/10/2019 03:57:38 AM) (Source: DCOM) (EventID: 10029) (User: ERAZER)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (12/10/2019 03:45:33 AM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:29 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:29 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:28 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:28 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:28 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/09/2019 04:45:28 PM) (Source: DCOM) (EventID: 10010) (User: ERAZER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2019-12-11 05:28:47.290
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-12-11 05:28:47.282
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-12-11 05:28:47.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-12-11 02:21:10.380
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-12-11 02:21:10.378
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-12-11 02:21:10.372
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-12-11 02:19:40.329
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-12-11 02:19:39.106
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.07.06RGM3_00029 07/19/2018
Motherboard: MEDION N857EX1M
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 8039.17 MB
Available physical RAM: 3166.08 MB
Total Virtual: 17255.17 MB
Available Virtual: 11213.33 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:235.86 GB) (Free:146.6 GB) NTFS
Drive d: (Data) (Fixed) (Total:608.54 GB) (Free:608.28 GB) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:8.36 GB) NTFS
Drive v: (Ekaterina) (Fixed) (Total:292.97 GB) (Free:292.87 GB) NTFS

\\?\Volume{8b713f3e-387c-41a5-9241-f1d1307a7e7c}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{19296e25-2ee8-4718-8f47-e034656efa50}\ () (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{45b6ca81-8f35-417c-a8a9-c2d392409a18}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA9D6057)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: DA9D6048)

Partition: GPT.

==================== End of Addition.txt =======================