Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus or Not? [Solved]


  • This topic is locked This topic is locked

#1
moondog830

moondog830

    Member

  • Member
  • PipPipPip
  • 775 posts

I have 1 SPECIFIC issue ... when I try to download files ... books, pdf's, images, anything ... everytime it begins to download and then stops somewhere in the middle and then I get the message ' failed, network error ' ... but I turn to my other computer or my wife's (all on the same internet) and am able to download with no problems at all. 

 

I'm not sure if this is a virus issue or what, but I decided since I haven't 'cleaned' this laptop since I bought it, that I would start here.

 

FRST

 

 

 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2021-04-19] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Brave: 
=======
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-07-23]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-03]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-02-02]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Online coupon tool: Add to Chrome for free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-07-18]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-07-23]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-07-23]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-07-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-07-21]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ArmouryCrateControlInterface; C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe [1290880 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkNearExt; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe [142464 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe [793752 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe [336528 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe [945296 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [885680 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ASUSSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\ASUSSAIO.sys [39056 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [216928 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [366616 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99352 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17328 2021-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [182600 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [524400 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107848 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82912 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851192 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471920 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [327536 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\atkwmiacpi64.sys [44680 2021-07-11] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-23 07:58 - 2021-07-23 07:59 - 000000000 ____D C:\FRST
2021-07-23 07:57 - 2021-07-23 07:59 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking
2021-07-23 07:43 - 2021-07-23 07:44 - 000000000 ____D C:\Users\moond\Desktop\downloaded stuff
2021-07-23 07:20 - 2021-07-23 07:20 - 000000118 ____H C:\Users\moond\Downloads\.~lock.Week#8 Data.xlsx#
2021-07-22 11:12 - 2020-12-07 15:30 - 007545438 _____ C:\Users\moond\Desktop\Hawg_FlagsLib.wotmod
2021-07-22 11:00 - 2020-08-04 16:04 - 102213533 _____ C:\Users\moond\Desktop\CWW-P.43-ter-Comprovato-Remodel.wotmod
2021-07-22 11:00 - 2019-12-29 18:12 - 000047374 _____ C:\Users\moond\Desktop\CWW-P.43-ter-Comprovato-Remodel-Icons.wotmod
2021-07-17 20:54 - 2021-07-17 20:54 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-17 20:54 - 2021-07-17 20:54 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-17 17:46 - 2021-07-17 17:46 - 199967261 _____ C:\Users\moond\Desktop\IoW_Great_Push_Battle_of_the_Somme_1916.pdf
2021-07-14 10:22 - 2021-07-14 10:22 - 001238072 _____ C:\Users\moond\Desktop\statement (1).pdf
2021-07-14 10:19 - 2021-07-14 10:19 - 001238364 _____ C:\Users\moond\Desktop\statement.pdf
2021-07-13 21:29 - 2021-07-13 21:29 - 000000342 _____ C:\Users\moond\Desktop\[EBS] Jack Webber - Destination Mars 2[ebooks-shares.org].torrent
2021-07-12 12:19 - 2021-07-12 12:20 - 044598853 _____ C:\Users\moond\Desktop\AGleamofBayonets.pdf
2021-07-08 09:39 - 2021-07-08 09:39 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-08 09:39 - 2021-07-08 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-08 07:28 - 2021-07-08 07:29 - 002010427 _____ C:\Users\moond\Desktop\shirt front idea.psd
2021-07-07 09:19 - 2021-07-07 10:11 - 000090769 _____ C:\Users\moond\Desktop\butterfly.jpeg
2021-07-06 16:24 - 2021-07-07 08:42 - 000350604 _____ C:\Users\moond\Desktop\stencil-style-new.zip
2021-07-06 16:04 - 2021-07-12 16:33 - 000000000 ____D C:\Users\moond\Desktop\sigs and avs
2021-07-06 11:24 - 2021-07-06 11:30 - 000000000 ____D C:\Users\moond\Desktop\Grandma's old pc
2021-07-06 11:08 - 2021-07-06 16:05 - 000000000 ____D C:\Users\moond\Desktop\Mark's Temp from Mom's gateway
2021-07-02 16:47 - 2021-07-02 16:47 - 152922777 _____ C:\Users\moond\Desktop\Aircraft_of_World_War_II.pdf
2021-07-02 08:55 - 2021-07-02 08:55 - 000000000 ____D C:\Users\moond\Desktop\downloaded books
2021-07-02 08:52 - 2021-07-02 08:52 - 000000000 ____D C:\Users\moond\Documents\Adobe
2021-07-01 07:33 - 2021-07-01 07:33 - 000454795 _____ C:\Users\moond\Desktop\butterfly work.psd
2021-07-01 07:32 - 2021-04-19 22:52 - 000018816 _____ C:\Windows\system32\RtEventLog.dll
2021-07-01 07:32 - 2021-04-19 22:42 - 045530813 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2021-06-26 08:24 - 2021-06-26 08:24 - 000046012 _____ C:\Users\moond\Desktop\ArmesMilitaria000-Index.odt
2021-06-26 07:25 - 2021-07-01 07:33 - 002271075 _____ C:\Users\moond\Desktop\butterflies.psd
2021-06-26 07:25 - 2021-06-26 07:25 - 001082811 _____ C:\Users\moond\Desktop\head work 2.psd
2021-06-26 07:25 - 2021-06-26 07:25 - 000954155 _____ C:\Users\moond\Desktop\head work 3.psd
2021-06-25 14:50 - 2021-06-25 14:49 - 000339736 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-06-25 14:50 - 2021-06-25 14:49 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-06-23 12:30 - 2021-06-23 12:33 - 000000000 ____D C:\Users\moond\Desktop\memes
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-23 07:31 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-23 07:26 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2021-07-23 07:09 - 2021-01-26 10:58 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-07-23 07:02 - 2020-09-27 10:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-23 05:46 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-23 05:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-23 05:28 - 2021-05-04 12:07 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2021-07-22 18:32 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2021-07-22 11:59 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2021-07-22 11:17 - 2021-03-21 08:02 - 000000000 ____D C:\Users\moond\AppData\Local\ElevatedDiagnostics
2021-07-21 15:30 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-21 14:10 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-07-21 13:47 - 2021-01-20 11:28 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-21 13:47 - 2021-01-20 10:07 - 000003366 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-07-21 13:47 - 2021-01-20 10:07 - 000003142 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-07-21 13:47 - 2021-01-19 17:44 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2021-07-21 13:47 - 2021-01-19 17:42 - 000002452 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2021-07-21 13:47 - 2021-01-19 17:39 - 000003116 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2021-07-21 13:47 - 2021-01-19 17:39 - 000003042 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2021-07-21 13:47 - 2020-09-27 10:53 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-21 13:47 - 2020-09-27 10:53 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-21 13:47 - 2020-09-27 10:00 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2021-07-21 09:17 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-21 09:16 - 2021-01-20 11:28 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-07-18 13:53 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2021-07-18 07:52 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2021-07-18 07:12 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2021-07-18 00:18 - 2020-09-27 10:06 - 000004460 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-18 00:12 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-18 00:12 - 2021-01-19 17:44 - 000000000 ___RD C:\Users\moond\OneDrive
2021-07-18 00:12 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-18 00:12 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-07-18 00:11 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-18 00:11 - 2020-09-27 10:50 - 004982080 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-18 00:11 - 2020-09-27 10:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-18 00:11 - 2020-09-27 10:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-18 00:11 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-17 20:55 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-17 07:43 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-07-15 15:49 - 2021-01-23 08:22 - 000000000 ____D C:\Windows\system32\MRT
2021-07-15 15:48 - 2021-01-23 08:22 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-09 17:41 - 2021-01-19 17:39 - 000000000 ____D C:\Users\moond
2021-07-09 14:17 - 2021-01-19 17:39 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-08 07:22 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-07-02 08:53 - 2021-04-20 16:34 - 000000000 ____D C:\Users\moond\Desktop\cup work
2021-07-02 08:52 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Roaming\Adobe
2021-06-28 08:23 - 2021-01-23 08:53 - 000000000 ____D C:\Users\moond\Desktop\Church Business
2021-06-26 07:26 - 2021-06-17 12:04 - 018062360 _____ C:\Users\moond\Desktop\head work.psd
2021-06-25 14:50 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-06-25 14:49 - 2021-01-20 11:28 - 000851192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000524400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000471920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000366616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000327536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000216928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000182600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000107848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000099352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000082912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-06-25 14:49 - 2021-01-20 11:28 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
 
==================== Files in the root of some directories ========
 
2021-04-20 18:43 - 2021-07-21 14:10 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-02-04 20:21 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-02-04 20:21 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-02-04 20:21 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-02-04 20:21 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-02-04 20:21 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2021-07-08 07:22 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by moond (23-07-2021 08:00:27)
Running from C:\Users\moond\Desktop\Virus Checking
Windows 10 Home Version 20H2 19042.1110 (X64) (2020-09-27 14:02:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Aslain's WoT Modpack version 1.13.0.1.00 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.13.0.1.00 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 91.1.26.77 - Brave Software Inc)
calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.71 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.39 - VSO Software)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 21.4.0.5527 - Wargaming.net)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOWS.WW.PRODUCTION) (Version:  - Wargaming.net)
 
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.10.9.0_x64__t5j2fzbtdg37r [2021-07-01] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.16.0_x64__qmba6cd70vzyy [2021-07-14] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-23] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-03-09 16:26 - 2012-03-09 16:26 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
2012-03-15 02:11 - 2013-01-02 23:39 - 002249352 _____ (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll
2012-03-15 02:40 - 2012-03-15 02:40 - 000041984 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\FastCore.8BX
2012-03-15 02:41 - 2012-03-15 02:41 - 000284672 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MMXCore.8BX
2012-03-15 02:32 - 2012-03-15 02:32 - 000596480 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MultiProcessor Support.8BX
2021-06-20 07:51 - 2021-06-20 07:52 - 000187392 _____ (Fortemedia) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\FMAPOCTL.dll
2012-03-15 02:06 - 2012-03-15 02:06 - 002923008 _____ (Intel Corporation) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\libmmd.dll
2021-01-19 17:42 - 2021-01-19 17:42 - 000023040 _____ (Synaptics Incorporated.) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\SynAudSrvDll.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 000249344 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\libcurl.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\LIBEAY32.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{21991367-46A6-4996-AB19-A332DA8FF6F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{ECE68012-151A-4C66-BD1B-9BAA17D5FF04}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{4BDADAE3-46A2-4717-BF20-EB5E416EA67E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{E9E8FDE0-F76A-459A-855B-D089568A476A}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{4603173A-AC86-47AD-A700-35EC624C30B0}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E9184F50-F763-444E-BC70-C3436CACDB4B}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{74D9A269-086E-4191-B6BA-CE1854D4A85B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D524098E-69E4-4FD8-9463-854CE9ACF8F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21AF1AAA-6EAE-46D3-9144-18F0DADBFF73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0D0E0AB-B2B0-4C02-8F3D-B6388A8AC7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4EDD4B8-B8AF-44E9-9E30-FC58BA2F9118}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{3A40AA1A-9F21-436C-BF8F-AD67FC48032D}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{EB93E258-67B2-465F-A9E2-8220B0C70D55}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{5CB8B6CF-29BB-43BD-85A8-52E1FDF2C325}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{21265F1A-27D1-425A-B404-0E95ABD11E4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{89BCFAE7-A2D7-4ABD-B82F-466D2E504B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B92F7B88-13AD-415B-BA9C-0A3B7E77E8D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52DF629F-AE4F-4813-B1A6-3E378F7F7045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7D967E2-AC99-4664-B5B5-58601360D422}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BACA22A7-DEB6-4CA9-835F-8262C1D316A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0997998C-890B-484E-BE50-52B4A5F70476}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{840ED4D8-85AE-4319-927C-A7FE9BCEA148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
15-07-2021 15:49:51 Windows Modules Installer
17-07-2021 20:51:12 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/23/2021 07:20:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 4.0.9803.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 4fbc
 
Start Time: 01d77efd573a5604
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
 
Report Id: 0badca3b-1ef3-4553-b16d-44852cd0eab5
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Cross-process
 
Error: (07/22/2021 08:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x2638
Faulting application start time: 0x01d77f587a99fe93
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 696ec5d5-4928-406e-b10c-b0a52356ed85
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 08:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x47cc
Faulting application start time: 0x01d77f57c7c7e1b5
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 5da0d332-4622-44b0-baf6-9d01c830ee39
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 08:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x5214
Faulting application start time: 0x01d77f5714f63960
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: df8627ca-cd4b-4846-8964-3653f1d83458
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 08:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x2110
Faulting application start time: 0x01d77f56621f712f
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: a316c619-ea26-4af0-8ec8-203f6d31bd71
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 08:00:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x3c8c
Faulting application start time: 0x01d77f55af55721d
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 6ae33a1c-7297-4fc3-be6f-ad85f89bf500
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 07:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x5110
Faulting application start time: 0x01d77f54fc805943
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 9fddda42-e6e5-4db3-a15c-b1a69660803a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/22/2021 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x306c
Faulting application start time: 0x01d77f5449ae4198
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 33e3c23e-7b47-4d8f-8387-572e6be49c12
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/23/2021 07:56:10 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Z:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/23/2021 07:56:10 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: Z:\Device\HarddiskVolume163
 
Error: (07/23/2021 07:56:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Z:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned and fixed offline.
 
Error: (07/23/2021 07:29:23 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Z:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/23/2021 07:29:23 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: Z:\Device\HarddiskVolume143
 
Error: (07/23/2021 05:26:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-906HTT3)
Description: The server {D0582E3B-3126-4CAA-9155-AC37C912A489} did not register with DCOM within the required timeout.
 
Error: (07/23/2021 05:25:01 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Z:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/23/2021 05:25:01 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: Z:\Device\HarddiskVolume123
 
 
Windows Defender:
================
Date: 2021-01-19 17:39:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:32:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:09:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 18:45:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2021-07-23 05:40:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2021-07-23 05:25:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 33%
Total physical RAM: 32175.24 MB
Available physical RAM: 21469.2 MB
Total Virtual: 37039.24 MB
Available Virtual: 22215.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.27 GB) (Free:749.89 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) NTFS
Drive g: (HP P600) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive z: (Lennee) (Fixed) (Total:952.84 GB) (Free:937.94 GB) NTFS
 
\\?\Volume{b03fb79a-5a13-4c8e-9bf6-b5ad784a4ea1}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e9f0f7ff-9bc8-11eb-a249-d8c0a623d848}\ () (Fixed) (Total:0.93 GB) (Free:0.93 GB) FAT
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 953.8 GB) (Disk ID: 701B06D1)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, moondog830.

 

The FRST log is not completed. Can you please attach both, Addition and FRST, instead of copy and paste them here? Click on the More Reply Options at the right bottom corner of the reply area, and then Attach File. 


  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, moondog830.

 

Do you still need assistance?


  • 0

#4
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts

I apologize for not responding ... not getting emails ... I still need assistance ... 

Attached Files


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Thanks for the logs. However, it seems that the FRST tool didn't run correctly, that's why the first log is not completed.
 
To start with something (before I ask for fresh logs):
 
 

1. Unknown hidden programs
 
Are you aware of these unknown hidden programs?
 
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
 
 
2. Corrupted disk
 
According to the logs:

A corruption was discovered in the file system structure on volume Z:.
 
From what I see, drive z is named as Lennee. Is it an external drive or not?
 
Drive z: (Lennee) (Fixed) (Total:952.84 GB) (Free:937.94 GB) NTFS


3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • Your reply about the programs and Z drive
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#6
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts
1. Was not aware of the 'hidden' programs
 
2. Z is an external drive and it continually says it's in error and needs to be scanned and repaired each time.
 
3. Below are the 2 logs from AdwCleaner and 1 from Malwarebytes
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-27-2021
# Duration: 00:00:04
# OS:       Windows 10 Home
# Scanned:  31979
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-27-2021
# Duration: 00:00:06
# OS:       Windows 10 Home
# Scanned:  31988
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner[S00].txt - [1406 octets] - [27/07/2021 11:18:22]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
 
 
 
 

MWB

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/27/21
Scan Time: 12:38 PM
Log File: 1032c090-eef9-11eb-8884-3c7c3f59be6b.json
 
-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43612
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: DESKTOP-906HTT3\moond
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 301972
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 2 min, 7 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
Malware.Heuristic.1003, C:\$RECYCLE.BIN\S-1-5-21-1336835431-166869274-4150396170-1001\$RXI86CM.CRDOWNLOAD, No Action By User, 1000001, 0, 1.0.43612, 0000000000000000000003EB, dds, 01351530, 0D12F0AED1ACC58708449A14547C17E0, A61A2DB475DCA36B2EF645AEB5E75B36DB066FE36ED11FB04B73CDB2097CAB39
PUP.Optional.BundleInstaller, C:\$RECYCLE.BIN\S-1-5-21-1336835431-166869274-4150396170-1001\$RJI741X.EXE, No Action By User, 527, 875791, 1.0.43612, , ame, , 67EA1E6AF4EAE6007C595F50216E4357, C1EC45E575687AD3F37BD7C8679EEFBE94A90A6873CD4050D581FA97AF8ED9BC
Malware.AI.4166567913, C:\USERS\MOOND\DESKTOP\VSO CONVERTXTODVD V5 2 0 39 MULTILINGUAL INCL KEYGEN AND PATCH-TSZ\KEYGEN.EXE, No Action By User, 1000000, 0, 1.0.43612, DCD92DAC2249D7CBF858C7E9, dds, 01351530, 5FC43867A9F300AC1A436816A01CAC96, CB8C79A789C44223F13C5934E2F71A9111B9941E7FD8376339557703FFDF5254
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, Moondog830.
 
I'm sorry for the late reply. I had been away for a while.
 
 
1. Uninstall pirated programs
 
It seems that VSO ConvertXToDVD is not legally installed in the computer. Having pirated programs installed is the easiest way to get infected. Please uninstall this program, as well as any other program not legally activated. 
 
To do that:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
VSO ConvertXToDVD
  • Select the above program and click Uninstall.
  • Restart the computer.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply please post:

  1. If the uninstall process went fine
  2. The Malwarebytes report
  3. The fresh FRST logs, Addition and FRST logs

 

P.S. We are going to take care of the Drive Z at the end. For now, please unplug it from the computer.


  • 0

#8
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts
When I hit the Windows Key + R ... Nothing happens ... there is no place to enter the text you wanted me to enter. I uninstalled that program (that my son put on) using the standard uninstall. 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/30/21
Scan Time: 12:47 PM
Log File: ca24ab72-f155-11eb-b996-3c7c3f59be6b.json
 
-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43722
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: DESKTOP-906HTT3\moond
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 300971
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 51 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
FRST
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{ff704ab9-ca65-41fd-bbea-1464328e86fb}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-30]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2021-04-19] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-07-30]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-03]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-02-02]
BRA Extension: (Adobe Acrobat) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-26]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Online coupon tool: Add to Chrome for free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-07-26]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-07-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-07-30]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-07-30]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-07-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-07-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe [1290880 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkNearExt; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe [142464 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe [793752 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe [336528 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe [945296 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [885680 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ASUSSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\ASUSSAIO.sys [39056 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [218976 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367640 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [559816 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108408 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471920 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\atkwmiacpi64.sys [44680 2021-07-11] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-07-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198888 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69016 2021-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [156880 2021-07-27] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-30 12:56 - 2021-07-30 12:57 - 000012215 _____ C:\Users\moond\Desktop\FRST.txt
2021-07-30 12:55 - 2021-07-30 12:55 - 002300416 _____ (Farbar) C:\Users\moond\Desktop\FRST64.exe
2021-07-28 11:43 - 2021-07-28 11:43 - 000339736 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-07-28 11:43 - 2021-07-28 11:43 - 000215392 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9324175dbd38b6cb.tmp
2021-07-27 12:30 - 2021-07-27 12:30 - 000198888 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-07-27 12:30 - 2021-07-27 12:30 - 000156880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-07-27 12:30 - 2021-07-27 12:30 - 000069016 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-07-27 12:29 - 2021-07-27 12:29 - 000000000 ____D C:\Users\moond\AppData\Local\mbam
2021-07-27 11:56 - 2021-07-27 11:56 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-07-27 11:56 - 2021-07-27 11:56 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-07-27 11:56 - 2021-07-27 11:56 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-07-27 11:56 - 2021-07-27 11:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-07-27 11:56 - 2021-07-27 11:56 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-27 11:56 - 2021-07-27 11:56 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-27 11:56 - 2021-07-27 11:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-27 11:33 - 2021-07-27 11:33 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-27 11:31 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\invitations
2021-07-27 11:29 - 2021-07-27 11:30 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2021-07-27 11:26 - 2021-07-27 11:31 - 000000000 ____D C:\Users\moond\Desktop\work for angie
2021-07-27 11:18 - 2021-07-27 11:18 - 000000000 ____D C:\AdwCleaner
2021-07-27 11:16 - 2021-07-27 11:14 - 008553680 _____ (Malwarebytes) C:\Users\moond\Desktop\AdwCleaner.exe
2021-07-27 11:16 - 2021-07-27 11:12 - 002092128 _____ (Malwarebytes) C:\Users\moond\Desktop\MBSetup.exe
2021-07-24 12:49 - 2021-07-24 12:50 - 000006397 _____ C:\Users\moond\Desktop\79-Tapio Saarelainen - The White Sniper(pdf)[ebooks-shares.org].torrent
2021-07-24 12:48 - 2021-07-24 12:48 - 000000748 _____ C:\Users\moond\Desktop\78-The Last Archide Complete Series(epub)[ebooks-shares.org].torrent
2021-07-24 12:26 - 2021-07-24 12:26 - 000017329 _____ C:\Users\moond\Desktop\LBC giving history 1-23-21.xlsx
2021-07-23 08:54 - 2021-07-23 08:54 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-07-23 08:53 - 2021-07-29 12:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-23 08:29 - 2021-07-23 08:29 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-07-23 07:58 - 2021-07-30 12:56 - 000000000 ____D C:\FRST
2021-07-23 07:57 - 2021-07-23 08:00 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking
2021-07-23 07:20 - 2021-07-23 07:20 - 000000118 ____H C:\Users\moond\Downloads\.~lock.Week#8 Data.xlsx#
2021-07-17 20:54 - 2021-07-17 20:54 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-17 20:54 - 2021-07-17 20:54 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 21:29 - 2021-07-13 21:29 - 000000342 _____ C:\Users\moond\Desktop\[EBS] Jack Webber - Destination Mars 2[ebooks-shares.org].torrent
2021-07-12 12:19 - 2021-07-12 12:20 - 044598853 _____ C:\Users\moond\Desktop\AGleamofBayonets.pdf
2021-07-08 09:39 - 2021-07-08 09:39 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-08 09:39 - 2021-07-08 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-06 16:04 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\sigs and avs
2021-07-06 11:24 - 2021-07-06 11:30 - 000000000 ____D C:\Users\moond\Desktop\Grandma's old pc
2021-07-06 11:08 - 2021-07-06 16:05 - 000000000 ____D C:\Users\moond\Desktop\Mark's Temp from Mom's gateway
2021-07-02 08:55 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\downloaded books
2021-07-02 08:52 - 2021-07-02 08:52 - 000000000 ____D C:\Users\moond\Documents\Adobe
2021-07-01 07:32 - 2021-04-19 22:52 - 000018816 _____ C:\Windows\system32\RtEventLog.dll
2021-07-01 07:32 - 2021-04-19 22:42 - 045530813 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-30 12:47 - 2021-01-26 10:58 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-07-30 12:43 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2021-07-30 12:42 - 2021-05-04 12:07 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2021-07-30 12:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-30 12:42 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-30 12:39 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2021-07-30 12:39 - 2021-01-19 17:44 - 000000000 ___RD C:\Users\moond\OneDrive
2021-07-30 12:38 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-29 22:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-29 22:10 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-29 22:09 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2021-07-29 19:11 - 2020-09-27 10:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-29 13:31 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-07-29 12:34 - 2020-09-27 10:06 - 000004460 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-29 12:32 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-07-29 07:27 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2021-07-28 20:09 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-07-28 11:43 - 2021-01-20 11:28 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000559816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000471920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000367640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000218976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000108408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000099352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-07-28 11:43 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-27 21:39 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-07-27 11:28 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2021-07-26 07:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-26 06:52 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-26 06:52 - 2020-09-27 10:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-26 06:52 - 2020-09-27 10:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-26 06:52 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-07-24 11:29 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-24 11:24 - 2021-01-23 08:53 - 000000000 ____D C:\Users\moond\Desktop\Church Business
2021-07-23 09:44 - 2021-01-19 17:44 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2021-07-23 09:44 - 2021-01-19 17:39 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 09:08 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2021-07-23 08:57 - 2021-04-19 21:26 - 000000000 ____D C:\Users\moond\AppData\LocalLow\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\ProgramData\Adobe
2021-07-23 08:57 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Roaming\Adobe
2021-07-23 08:57 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2021-07-23 08:56 - 2021-01-19 17:39 - 000000000 ____D C:\Users\moond
2021-07-23 08:53 - 2021-04-19 07:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-22 11:59 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2021-07-22 11:17 - 2021-03-21 08:02 - 000000000 ____D C:\Users\moond\AppData\Local\ElevatedDiagnostics
2021-07-21 13:47 - 2021-01-20 11:28 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-21 13:47 - 2021-01-20 10:07 - 000003366 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-07-21 13:47 - 2021-01-20 10:07 - 000003142 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-07-21 13:47 - 2021-01-19 17:42 - 000002452 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2021-07-21 13:47 - 2021-01-19 17:39 - 000003116 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2021-07-21 13:47 - 2021-01-19 17:39 - 000003042 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2021-07-21 13:47 - 2020-09-27 10:53 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-21 13:47 - 2020-09-27 10:53 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-21 13:47 - 2020-09-27 10:00 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2021-07-18 13:53 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2021-07-18 00:11 - 2020-09-27 10:50 - 004982080 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-17 20:55 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-15 15:49 - 2021-01-23 08:22 - 000000000 ____D C:\Windows\system32\MRT
2021-07-15 15:48 - 2021-01-23 08:22 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-02 08:53 - 2021-04-20 16:34 - 000000000 ____D C:\Users\moond\Desktop\cup work
 
==================== Files in the root of some directories ========
 
2021-04-20 18:43 - 2021-07-28 20:09 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-02-04 20:21 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-02-04 20:21 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-02-04 20:21 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-02-04 20:21 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-02-04 20:21 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2021-07-29 13:31 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by moond (30-07-2021 12:57:37)
Running from C:\Users\moond\Desktop
Windows 10 Home Version 20H2 19042.1110 (X64) (2020-09-27 14:02:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Aslain's WoT Modpack version 1.13.0.1.00 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.13.0.1.00 - Aslain)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 92.1.27.109 - Brave Software Inc)
calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Malwarebytes version 4.4.3.125 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.3.125 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.39 - VSO Software)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 21.4.0.5527 - Wargaming.net)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOWS.WW.PRODUCTION) (Version:  - Wargaming.net)
 
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.10.9.0_x64__t5j2fzbtdg37r [2021-07-01] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.16.0_x64__qmba6cd70vzyy [2021-07-14] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-23] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{21991367-46A6-4996-AB19-A332DA8FF6F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{ECE68012-151A-4C66-BD1B-9BAA17D5FF04}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{4BDADAE3-46A2-4717-BF20-EB5E416EA67E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{E9E8FDE0-F76A-459A-855B-D089568A476A}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{4603173A-AC86-47AD-A700-35EC624C30B0}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E9184F50-F763-444E-BC70-C3436CACDB4B}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{74D9A269-086E-4191-B6BA-CE1854D4A85B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D524098E-69E4-4FD8-9463-854CE9ACF8F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21AF1AAA-6EAE-46D3-9144-18F0DADBFF73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0D0E0AB-B2B0-4C02-8F3D-B6388A8AC7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21265F1A-27D1-425A-B404-0E95ABD11E4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{89BCFAE7-A2D7-4ABD-B82F-466D2E504B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B92F7B88-13AD-415B-BA9C-0A3B7E77E8D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52DF629F-AE4F-4813-B1A6-3E378F7F7045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7D967E2-AC99-4664-B5B5-58601360D422}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BACA22A7-DEB6-4CA9-835F-8262C1D316A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0997998C-890B-484E-BE50-52B4A5F70476}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{840ED4D8-85AE-4319-927C-A7FE9BCEA148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C1B180C6-48B2-4A79-8077-4F1FB307AC2D}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{C2568758-9494-4367-84F6-ED1AE2EE8754}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{AF9EA27B-6C5D-4C7A-B462-2AEFDC8C0677}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{10A40D7E-06D7-4F6A-867C-4B040CD12FA1}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
15-07-2021 15:49:51 Windows Modules Installer
17-07-2021 20:51:12 Windows Modules Installer
25-07-2021 17:09:29 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/29/2021 10:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1be0
Faulting application start time: 0x01d784e7de82e8fa
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: cf7e23dd-e031-4fd5-994f-59ae35e3f0b2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 10:04:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0xef0
Faulting application start time: 0x01d784e72bab656c
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: d246720a-a1f8-477d-bad2-1046b1da6a5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1978
Faulting application start time: 0x01d784e678c6276a
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: ae260cf1-a67c-4f40-a6ab-e15b9630834a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:54:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1100
Faulting application start time: 0x01d784e5c5ee6548
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 66223888-1515-4770-bded-c7b6ad3e96e1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:49:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x15c4
Faulting application start time: 0x01d784e5133a4876
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 86948009-80f8-4a36-a39d-3bec4097e28a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x49d4
Faulting application start time: 0x01d784e4604c75d9
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 7c2a65a0-ca99-464d-bf54-54072a7bf04a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1928
Faulting application start time: 0x01d784e3ada04253
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: b5d57ad6-d804-4bd4-a1d8-84e88182039e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:34:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x39b8
Faulting application start time: 0x01d784e2faac52c5
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 41e99156-0018-4395-9e04-18d191c5e277
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/30/2021 12:39:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/30/2021 12:39:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/30/2021 12:38:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/29/2021 10:13:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/29/2021 10:12:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/29/2021 10:12:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/29/2021 10:11:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
Error: (07/29/2021 10:11:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUSSystemAnalysis service.
 
 
Windows Defender:
================
Date: 2021-01-19 17:39:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:32:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:09:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 18:45:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2021-07-28 11:39:58
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2021-07-27 12:37:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 30%
Total physical RAM: 32175.24 MB
Available physical RAM: 22327.75 MB
Total Virtual: 37039.24 MB
Available Virtual: 25145.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.27 GB) (Free:751.09 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) NTFS
 
\\?\Volume{b03fb79a-5a13-4c8e-9bf6-b5ad784a4ea1}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================r

  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, Moondog830.

 

It is the second time the FRST tool doesn't give us a complete result for the FRST.txt. The first half of the log is missing.

 

Before I'll give you a new set of instructions, please check if there is text above the title Internet (Whitelisted) in the log and let me know.


  • 0

#10
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts

I opened the old one and the latest one and there is NOTHING above the 'Whitelisted' 


  • 0

Advertisements


#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Thanks, moondog830.

 

Follow this path: C:\FRST\Logs

 

In the Logs folder, find the latest FRST.txt and check if there is text above Internet (Whitelisted) section.


  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Something else:

 

I would ask you to stay a bit longer signed in to the Forum checking for any reply by me, if you can of course. This way we can resolve your computer's issues effectively and efficiently.


  • 0

#13
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts

tried the path you requested ... and the same thing ... nothing above the whitelisted


  • 0

#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Thanks for the confirmation. 
 
1. FRST fix


NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FirewallRules: [TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
bl (Version: 1.0.0 - Your Company Name)
ph (Version: 1.0.0 - Your Company Name)
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. If the uninstall procedure went fine
  3. The fresh FRST logs, Addition and FRST.

  • 0

#15
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 775 posts
I noticed in the fix something called qbtorrent, I saw that the other day and assumed it was something to do with 'torrents' and deleted it and looked on my programs list to make sure it wasn't installed. I THINK this is something my son put on the other day when I was at the church and my pc was at home. 
 
1. Fixlog
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by moond (02-08-2021 09:30:36) Run:1
Running from C:\Users\moond\Desktop\Virus Checking
Loaded Profiles: moond
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FirewallRules: [TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent" => removed successfully
"HKU\S-1-5-21-1336835431-166869274-4150396170-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 835648663 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 24203400 B
Edge => 0 B
Chrome => 0 B
Brave => 610903829 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 181596 B
NetworkService => 6098250 B
moond => 179103883 B
 
RecycleBin => 27220639 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:31:40 ====
 
2. uninstall - when I push the windows key + R nothing happens ... I get no place to type in what you want me to type.
 
 
3. FRST logs
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by moond (administrator) on DESKTOP-906HTT3 (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IH_TUF706IH) (02-08-2021 09:40:32)
Running from C:\Users\moond\Desktop
Loaded Profiles: moond
Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͧ465.inf_amd64_f448bc468601f23f\B367478\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͧ465.inf_amd64_f448bc468601f23f\B367478\atiesrxx.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimizationStartupTask.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOSD.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <21>
(DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\moond\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe <2>
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2147264 2021-06-30] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Discord] => C:\Users\moond\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2252744 2021-07-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [53656 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\92.1.27.109\Installer\chrmstp.exe [2021-07-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0610B03E-8B5C-4BFC-9CC4-414911CF7FFF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {24DF75F9-42CE-42D1-AACD-784F10D2E9C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {572292CC-69ED-4020-A3B4-ADDDF757543E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {612BA602-6D05-4D29-8E84-8E75FB8AEE13} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe [1257832 2021-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7B7A2507-3A12-4D9D-8D2C-EB560191F109} - System32\Tasks\Microsoft\Windows\PLA\AsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {7C95D745-B6E4-428A-A33A-68382EFF1395} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8C0E19FB-86A7-4537-B79D-B7DF6D0ED54D} - System32\Tasks\Microsoft\Windows\PLA\074C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {91421DF6-313B-411D-BB8B-AE80D16091F4} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusHotkeyExec.exe [233624 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {938B78C9-7412-4BE5-9B2E-D7CEF2427B7D} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4902680 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
Task: {952B2BBC-A253-450C-A28B-1AF16FD339FC} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusUpdateChecker.exe [771200 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {AE7F71B1-E947-4BBA-A85E-3B789DB1C73E} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1878CD6-9F02-4923-B022-2894D26D5018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {FA8D69C7-2FD2-4530-BC17-4169781B22A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{ff704ab9-ca65-41fd-bbea-1464328e86fb}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-02]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2021-04-19] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-08-02]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-03]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-02-02]
BRA Extension: (Adobe Acrobat) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-26]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-08-02]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-07-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-08-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-08-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-07-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-07-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe [1290880 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkNearExt; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe [142464 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe [793752 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe [336528 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe [945296 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [885680 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8262736 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [627480 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [374552 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-02] (Malwarebytes Inc -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ASUSSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\ASUSSAIO.sys [39056 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [218976 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367640 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [559816 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108408 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471920 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215392 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\atkwmiacpi64.sys [44680 2021-07-11] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-08-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-02] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-02 09:40 - 2021-08-02 09:40 - 000023001 _____ C:\Users\moond\Desktop\FRST.txt
2021-08-02 09:28 - 2021-08-02 09:29 - 000000000 ____D C:\Users\moond\Desktop\FRST-OlderVersion
2021-08-02 09:27 - 2021-08-02 09:28 - 002300416 _____ (Farbar) C:\Users\moond\Desktop\FRST64.exe
2021-08-02 09:27 - 2021-08-02 09:27 - 000000000 ___HD C:\$AV_ASW
2021-08-02 05:48 - 2021-08-02 05:48 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-02 05:48 - 2021-08-02 05:48 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-02 05:48 - 2021-08-02 05:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-01 20:28 - 2021-08-01 20:29 - 002120496 _____ (Malwarebytes) C:\Users\moond\Downloads\MBSetup-119967.119967-consumer.exe
2021-08-01 16:29 - 2021-08-01 16:29 - 000012259 _____ C:\Users\moond\Downloads\S. H. Jucha - Silver Ships 10-20 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:29 - 2021-08-01 16:29 - 000005247 _____ C:\Users\moond\Downloads\S. H. Jucha - Pyreans 01-04 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:28 - 2021-08-01 16:29 - 000004012 _____ C:\Users\moond\Downloads\Richard Fox - The Exiled Fleet 1-4 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:28 - 2021-08-01 16:28 - 000002457 _____ C:\Users\moond\Downloads\Liane Merciel - Ithelas 1-2 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:27 - 2021-08-01 16:27 - 000008641 _____ C:\Users\moond\Downloads\Joel Shepherd - Spiral Wars 1-7 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:27 - 2021-08-01 16:27 - 000008505 _____ C:\Users\moond\Downloads\Joel Shepherd - Cassandra Kresnov 1-6 [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-08-01 16:26 - 2021-08-01 16:26 - 000009188 _____ C:\Users\moond\Downloads\H. Beam Piper [EPUB MOBI TXT][ebooks-shares.org].torrent
2021-07-28 11:43 - 2021-07-28 11:43 - 000339736 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-07-28 11:43 - 2021-07-28 11:43 - 000215392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-07-27 12:29 - 2021-07-27 12:29 - 000000000 ____D C:\Users\moond\AppData\Local\mbam
2021-07-27 11:33 - 2021-07-27 11:33 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-27 11:31 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\invitations
2021-07-27 11:29 - 2021-07-27 11:30 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2021-07-27 11:26 - 2021-07-27 11:31 - 000000000 ____D C:\Users\moond\Desktop\work for angie
2021-07-27 11:18 - 2021-07-27 11:18 - 000000000 ____D C:\AdwCleaner
2021-07-27 11:16 - 2021-07-27 11:14 - 008553680 _____ (Malwarebytes) C:\Users\moond\Desktop\AdwCleaner.exe
2021-07-27 11:16 - 2021-07-27 11:12 - 002092128 _____ (Malwarebytes) C:\Users\moond\Desktop\MBSetup.exe
2021-07-24 12:49 - 2021-07-24 12:50 - 000006397 _____ C:\Users\moond\Desktop\79-Tapio Saarelainen - The White Sniper(pdf)[ebooks-shares.org].torrent
2021-07-24 12:48 - 2021-07-24 12:48 - 000000748 _____ C:\Users\moond\Desktop\78-The Last Archide Complete Series(epub)[ebooks-shares.org].torrent
2021-07-24 12:26 - 2021-07-24 12:26 - 000017329 _____ C:\Users\moond\Desktop\LBC giving history 1-23-21.xlsx
2021-07-23 08:54 - 2021-07-23 08:54 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-07-23 08:53 - 2021-07-29 12:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-23 08:29 - 2021-07-23 08:29 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-07-23 07:58 - 2021-08-02 09:40 - 000000000 ____D C:\FRST
2021-07-23 07:57 - 2021-08-02 09:31 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking
2021-07-23 07:20 - 2021-07-23 07:20 - 000000118 ____H C:\Users\moond\Downloads\.~lock.Week#8 Data.xlsx#
2021-07-17 20:54 - 2021-07-17 20:54 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-17 20:54 - 2021-07-17 20:54 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-17 20:54 - 2021-07-17 20:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 21:29 - 2021-07-13 21:29 - 000000342 _____ C:\Users\moond\Desktop\[EBS] Jack Webber - Destination Mars 2[ebooks-shares.org].torrent
2021-07-12 12:19 - 2021-07-12 12:20 - 044598853 _____ C:\Users\moond\Desktop\AGleamofBayonets.pdf
2021-07-08 09:39 - 2021-07-08 09:39 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-08 09:39 - 2021-07-08 09:39 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-08 09:39 - 2021-07-08 09:39 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-08 09:39 - 2021-07-08 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-08 09:39 - 2021-07-08 09:39 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-06 16:04 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\sigs and avs
2021-07-06 11:24 - 2021-07-06 11:30 - 000000000 ____D C:\Users\moond\Desktop\Grandma's old pc
2021-07-06 11:08 - 2021-07-06 16:05 - 000000000 ____D C:\Users\moond\Desktop\Mark's Temp from Mom's gateway
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-02 09:39 - 2021-01-26 10:58 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-08-02 09:39 - 2020-09-27 10:06 - 000004460 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-02 09:34 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2021-08-02 09:33 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2021-08-02 09:33 - 2021-01-19 17:44 - 000000000 ___RD C:\Users\moond\OneDrive
2021-08-02 09:33 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-02 09:32 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-02 09:32 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-02 09:32 - 2020-09-27 10:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-02 09:32 - 2020-09-27 10:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-02 09:32 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2021-08-02 09:32 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-08-02 09:17 - 2020-09-27 10:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-08-02 05:49 - 2021-05-04 12:07 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2021-08-02 05:48 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-08-02 05:47 - 2020-09-27 10:53 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-02 05:47 - 2020-09-27 10:53 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-31 18:24 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2021-07-31 10:52 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-07-31 09:31 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-31 09:31 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-31 09:31 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-30 20:10 - 2021-01-20 11:28 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-07-29 22:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-29 13:31 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-07-29 12:32 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-07-29 07:27 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2021-07-28 11:43 - 2021-01-20 11:28 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000559816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000471920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000367640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000218976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000108408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000099352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-07-27 21:39 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-07-27 11:32 - 2021-07-02 08:55 - 000000000 ____D C:\Users\moond\Desktop\downloaded books
2021-07-27 11:28 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2021-07-24 11:24 - 2021-01-23 08:53 - 000000000 ____D C:\Users\moond\Desktop\Church Business
2021-07-23 09:44 - 2021-01-19 17:44 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2021-07-23 09:44 - 2021-01-19 17:39 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 09:08 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2021-07-23 08:57 - 2021-04-19 21:26 - 000000000 ____D C:\Users\moond\AppData\LocalLow\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\ProgramData\Adobe
2021-07-23 08:57 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Roaming\Adobe
2021-07-23 08:57 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2021-07-23 08:56 - 2021-01-19 17:39 - 000000000 ____D C:\Users\moond
2021-07-23 08:53 - 2021-04-19 07:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-22 11:59 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2021-07-22 11:17 - 2021-03-21 08:02 - 000000000 ____D C:\Users\moond\AppData\Local\ElevatedDiagnostics
2021-07-21 13:47 - 2021-01-20 11:28 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-21 13:47 - 2021-01-20 10:07 - 000003366 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-07-21 13:47 - 2021-01-20 10:07 - 000003142 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-07-21 13:47 - 2021-01-19 17:42 - 000002452 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2021-07-21 13:47 - 2021-01-19 17:39 - 000003116 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2021-07-21 13:47 - 2021-01-19 17:39 - 000003042 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2021-07-21 13:47 - 2020-09-27 10:00 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2021-07-18 13:53 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2021-07-18 00:11 - 2020-09-27 10:50 - 004982080 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-18 00:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-17 20:55 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-15 15:49 - 2021-01-23 08:22 - 000000000 ____D C:\Windows\system32\MRT
2021-07-15 15:48 - 2021-01-23 08:22 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-08 09:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
 
==================== Files in the root of some directories ========
 
2021-04-20 18:43 - 2021-07-31 10:52 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-02-04 20:21 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-02-04 20:21 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-02-04 20:21 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-02-04 20:21 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-02-04 20:21 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2021-07-29 13:31 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by moond (02-08-2021 09:41:30)
Running from C:\Users\moond\Desktop
Windows 10 Home Version 20H2 19042.1110 (X64) (2020-09-27 14:02:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Aslain's WoT Modpack version 1.13.0.1.00 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.13.0.1.00 - Aslain)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.6.2474 - Avast Software)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 92.1.27.109 - Brave Software Inc)
calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.39 - VSO Software)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 21.4.0.5527 - Wargaming.net)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOWS.WW.PRODUCTION) (Version:  - Wargaming.net)
 
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.10.9.0_x64__t5j2fzbtdg37r [2021-07-01] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.16.0_x64__qmba6cd70vzyy [2021-07-14] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-23] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{21991367-46A6-4996-AB19-A332DA8FF6F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{ECE68012-151A-4C66-BD1B-9BAA17D5FF04}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{4BDADAE3-46A2-4717-BF20-EB5E416EA67E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{E9E8FDE0-F76A-459A-855B-D089568A476A}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{4603173A-AC86-47AD-A700-35EC624C30B0}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E9184F50-F763-444E-BC70-C3436CACDB4B}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{74D9A269-086E-4191-B6BA-CE1854D4A85B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D524098E-69E4-4FD8-9463-854CE9ACF8F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21AF1AAA-6EAE-46D3-9144-18F0DADBFF73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0D0E0AB-B2B0-4C02-8F3D-B6388A8AC7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21265F1A-27D1-425A-B404-0E95ABD11E4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{89BCFAE7-A2D7-4ABD-B82F-466D2E504B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B92F7B88-13AD-415B-BA9C-0A3B7E77E8D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52DF629F-AE4F-4813-B1A6-3E378F7F7045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7D967E2-AC99-4664-B5B5-58601360D422}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BACA22A7-DEB6-4CA9-835F-8262C1D316A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0997998C-890B-484E-BE50-52B4A5F70476}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{840ED4D8-85AE-4319-927C-A7FE9BCEA148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10A40D7E-06D7-4F6A-867C-4B040CD12FA1}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{916B0061-3A06-4659-8DA3-BBFEE81A8C11}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{8F85FB8B-AA58-42E2-A079-17DC2D8C7844}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{EC8B7662-1D42-4711-A068-4507E401003E}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
 
==================== Restore Points =========================
 
17-07-2021 20:51:12 Windows Modules Installer
25-07-2021 17:09:29 Scheduled Checkpoint
01-08-2021 20:11:55 Scheduled Checkpoint
02-08-2021 09:30:37 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/02/2021 09:30:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0c827561-0a15-4b25-b138-e3b2a17f61ea}
 
Error: (07/29/2021 10:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1be0
Faulting application start time: 0x01d784e7de82e8fa
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: cf7e23dd-e031-4fd5-994f-59ae35e3f0b2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 10:04:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0xef0
Faulting application start time: 0x01d784e72bab656c
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: d246720a-a1f8-477d-bad2-1046b1da6a5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1978
Faulting application start time: 0x01d784e678c6276a
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: ae260cf1-a67c-4f40-a6ab-e15b9630834a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:54:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1100
Faulting application start time: 0x01d784e5c5ee6548
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 66223888-1515-4770-bded-c7b6ad3e96e1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:49:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x15c4
Faulting application start time: 0x01d784e5133a4876
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 86948009-80f8-4a36-a39d-3bec4097e28a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x49d4
Faulting application start time: 0x01d784e4604c75d9
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: 7c2a65a0-ca99-464d-bf54-54072a7bf04a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2021 09:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223
Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243
Exception code: 0xc0000005
Fault offset: 0x000000000000c243
Faulting process id: 0x1928
Faulting application start time: 0x01d784e3ada04253
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll
Report Id: b5d57ad6-d804-4bd4-a1d8-84e88182039e
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Link Near Extension service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek Bluetooth Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Diagnosis service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/02/2021 09:30:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS Link Remote service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2021-01-19 17:39:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:32:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 17:09:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-19 18:45:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2021-08-02 09:34:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2021-08-02 09:34:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 16%
Total physical RAM: 32175.24 MB
Available physical RAM: 26921.96 MB
Total Virtual: 37039.24 MB
Available Virtual: 30438.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.27 GB) (Free:750.22 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) NTFS
Drive g: (HP P600) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive z: (Lennee) (Fixed) (Total:952.84 GB) (Free:938.06 GB) NTFS
 
\\?\Volume{b03fb79a-5a13-4c8e-9bf6-b5ad784a4ea1}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e9f0f7ff-9bc8-11eb-a249-d8c0a623d848}\ () (Fixed) (Total:0.93 GB) (Free:0.93 GB) FAT
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 953.8 GB) (Disk ID: 701B06D1)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP