
Virus or Not? [Solved]


  • This topic is locked

#16
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

1. After some deeper research, it seems that bl and ph hidden programs have to do with Adobe products which are installed on your computer. So, leave them there.

 

2. Something I noticed is that you are downloading things from torrent sites. This is a great risk for your computer's safety, since you never know what else you are downloading, malware or not. Plus, downloading books or anything else for free that you have to pay for is not legal or ethically accepted. Be careful, anyway.

 
3. Something else:
 
It seems that you didn't uninstall this yet:
 
VSO ConvertXToDVD 
 
Please do the following to uninstall it:

  • In the Search area type appwiz.cpl, select the item and press Enter.
  • The Add/Remove Programs list will open. Locate the following program in the list: VSO ConvertXToDVD
  • Select the above program and click Uninstall.
  • Restart the computer.

 

 Are you still having issues with downloading? Please do not try it with torrent-related items.
 
 


  • 0



#17
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

Are you still with me? 


  • 0

#18
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

I am still with you, I have been babysitting grandkids ... 5 on Monday, 6 yesterday and I have 4 today ... I know you're very busy and I apologize for making this take longer than it probably should.

 

I did 'finally' uninstall that VSO program ... 

 

question ... I have 2 laptops connected to the internet in my house (which is satellite by hughesnet) ... this one is the one with the issue of not completing downloads (no matter what they are) and the other downloads things fine. Could this simply be because of my internet? This laptop is my newest one and the other is about 6 years old.


  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, moondog830.

 

Having your grandkids with you definitely is a blessing. :)

 

I wonder if you tried to use another browser instead of Brave which is the default browser (based on your logs). 

 

Please try to download something using Edge, Firefox and/or Chrome and let me know if the problem persists. 


  • 0

#20
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

I also use Chrome, never use anything microsoft, gave up on firefox ... let me try a download in chrome

 

but I do use Brave on my older laptop and no problems


  • 0

#21
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Yes, I understand. But give them a try here for investigation purposes.


  • 0

#22
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

okay, tried firefox and it downloads okay ... when I try to use Edge, I get ads that want me to use a product ... wanting me to install it. Not doing that ...

 

also, my Brave now seems to download ... haven't had a large file to try downloading yet ... but so far so good


  • 0

#23
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

 

when I try to use Edge, I get ads that want me to use a product ... wanting me to install it. Not doing that ...

 

Can you please take a screenshot and attach it for me please? I would like to check it. 


  • 0

#24
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

Ah, sorry, no need ... I should have paid better attention. I play a game called World of Tanks and use a specific mod (for assistant and tank skins etc...) and it comes from a site called Aslains.com ... it's deemed okay by World of Tanks, but McAfee says it's not a safe site. I simply needed to add an exception to Edge and it's fine


  • 0

#25
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

OK, thanks for the clarification.
 
If everything is fine regarding the downloading issue, we can now move on by upgrading your system. You are now running version 20H2 and the latest one is 21H1. In case you want to upgrade now, I would recommend an in-place upgrade. It will upgrade the operating system to the latest version, fixing any possible corruptions.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

Let me know if you will proceed with the above. Otherwise, if there isn't any issue now, I will give you the final instructions for removing the tools we used.


  • 0



#26
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

you say not to turn off the computer, but what if I need to swap sim cards in my wireless hotspot so that I'm not throttled? Can I do that as long as I don't turn off the computer?

 

OK, thanks for the clarification.
 
If everything is fine regarding the downloading issue, we can now move on by upgrading your system. You are now running version 20H2 and the latest one is 21H1. In case you want to upgrade now, I would recommend an in-place upgrade. It will upgrade the operating system to the latest version, fixing any possible corruptions.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

Let me know if you will proceed with the above. Otherwise, if there isn't any issue now, I will give you the final instructions for removing the tools we used.


  • 0

#27
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

you say not to turn off the computer, but what if I need to swap sim cards in my wireless hotspot so that I'm not throttled? Can I do that as long as I don't turn off the computer?

 

I don't see how this can affect the procedure, as long as you don't turn off the computer.


  • 0

#28
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

It is now done ... it took all day and my hotspot shut down on its own so I found out that it would not hurt it. I am fully upgraded (for which I thank you for pointing this out, because I had no idea) ... time for bed


  • 1

#29
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mark. :)
 
1. Let me now see fresh FRST logs:

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

 

 

2. Another thing to try:

 

You said before that when you press the Windows logo key on your keyboard together with the letter R, nothing happens. Can you please try this now please? 

 


 

 

3. How is the computer running now?

 

Have you tried to download something else to see if the problem is resolved? Any other question/issue/concern?


  • 0

#30
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by moond (administrator) on DESKTOP-906HTT3 (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IH_TUF706IH) (09-08-2021 12:34:56)
Running from C:\Users\moond\Desktop\Virus Checking
Loaded Profiles: moond
Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367465.inf_amd64_f448bc468601f23f\B367478\atiesrxx.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimizationStartupTask.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOSD.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <18>
(DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\moond\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe <2>
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\cef_browser_process.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WargamingErrorMonitor.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2147264 2021-08-04] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Discord] => C:\Users\moond\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2252744 2021-08-05] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\92.1.27.111\Installer\chrmstp.exe [2021-08-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0610B03E-8B5C-4BFC-9CC4-414911CF7FFF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {0F463DBF-399F-421F-952F-3C84337F674B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {24DF75F9-42CE-42D1-AACD-784F10D2E9C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {37F38DEA-E744-4346-9A20-9E7598A99820} - System32\Tasks\Microsoft\Windows\PLA\074C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {572292CC-69ED-4020-A3B4-ADDDF757543E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {612BA602-6D05-4D29-8E84-8E75FB8AEE13} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe [1257832 2021-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7C95D745-B6E4-428A-A33A-68382EFF1395} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {91421DF6-313B-411D-BB8B-AE80D16091F4} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusHotkeyExec.exe [233624 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {938B78C9-7412-4BE5-9B2E-D7CEF2427B7D} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4902680 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
Task: {952B2BBC-A253-450C-A28B-1AF16FD339FC} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusUpdateChecker.exe [771200 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {AB501AC0-2DBC-4983-BCB0-D5E2FE29F054} - System32\Tasks\Microsoft\Windows\PLA\AsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {AE7F71B1-E947-4BBA-A85E-3B789DB1C73E} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1878CD6-9F02-4923-B022-2894D26D5018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {E8A32AD5-5F51-4BC2-97A8-20CE78B57FD3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {FA8D69C7-2FD2-4530-BC17-4169781B22A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ff704ab9-ca65-41fd-bbea-1464328e86fb}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-09]
 
FireFox:
========
FF DefaultProfile: 5r1le8jy.default
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\5r1le8jy.default [2021-08-05]
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\ha90f5gz.default-release [2021-08-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2021-04-19] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-08-09]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-03]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-02-02]
BRA Extension: (Adobe Acrobat) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-09]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-08-08]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-07-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-08-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-08-09]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-07-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-08-08]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [889248 2020-12-17] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe [1290880 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkNearExt; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNearExt.exe [142464 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemote.exe [793752 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOptimization.exe [336528 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusSoftwareManager.exe [945296 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2560144 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [885680 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8262736 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [627480 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [374552 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-02] (Malwarebytes Inc -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ASUSSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\ASUSSAIO.sys [39056 2021-07-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [218976 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [367640 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17344 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184648 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [559816 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108408 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82904 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851704 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-07-28] (Avast Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\atkwmiacpi64.sys [44680 2021-07-11] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-08-02] (Malwarebytes Inc -> Malwarebytes)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-19] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-09 12:29 - 2021-08-09 12:29 - 000000000 ____D C:\Users\moond\AppData\LocalLow\IGDump
2021-08-09 12:12 - 2021-08-09 12:12 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-09 12:12 - 2021-08-09 12:12 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-09 12:12 - 2021-08-09 12:12 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-09 08:49 - 2021-08-09 08:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-09 08:49 - 2021-08-09 08:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-09 08:49 - 2021-08-09 08:49 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-08-09 08:49 - 2021-08-09 08:49 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-08-09 08:49 - 2021-08-09 08:49 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-08-09 08:49 - 2021-08-09 08:49 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-08-09 08:49 - 2021-08-09 08:49 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-08-09 08:49 - 2021-08-09 08:49 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-08-09 08:49 - 2021-08-09 08:49 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-08-09 08:49 - 2021-08-09 08:49 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-08-09 08:49 - 2021-08-09 08:49 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-08-09 08:49 - 2021-08-09 08:49 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-08-09 08:49 - 2021-08-09 08:49 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-08-09 08:49 - 2021-08-09 08:49 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-08-09 08:49 - 2021-08-09 08:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-08-09 08:49 - 2021-08-09 08:49 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-08-09 08:49 - 2021-08-09 08:49 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-09 08:49 - 2021-08-09 08:49 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-08-09 08:49 - 2021-08-09 08:49 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-08-09 08:49 - 2021-08-09 08:49 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-08-09 08:49 - 2021-08-09 08:49 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-08-09 08:48 - 2021-08-09 08:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-08-09 08:48 - 2021-08-09 08:48 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-08-09 08:48 - 2021-08-09 08:48 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-09 08:48 - 2021-08-09 08:48 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-09 08:48 - 2021-08-09 08:48 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-08-09 08:48 - 2021-08-09 08:48 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-08-09 08:48 - 2021-08-09 08:48 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-08-09 08:48 - 2021-08-09 08:48 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-09 08:48 - 2021-08-09 08:48 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-08-09 08:48 - 2021-08-09 08:48 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-08-09 08:48 - 2021-08-09 08:48 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-08-09 02:05 - 2021-08-08 22:14 - 000000000 ____D C:\Windows.old
2021-08-08 22:39 - 2021-08-08 22:41 - 019444171 _____ C:\Users\moond\Downloads\Tapio Saarelainen - The White Sniper.pdf
2021-08-08 22:21 - 2021-08-08 22:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-08-08 22:20 - 2021-08-08 22:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-08-08 22:19 - 2021-08-08 22:19 - 000000020 ___SH C:\Users\moond\ntuser.ini
2021-08-08 22:16 - 2021-08-09 12:19 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-08 22:14 - 2021-08-09 12:19 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-08-08 22:14 - 2021-08-09 12:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-08 22:14 - 2021-08-09 11:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-08-08 22:14 - 2021-08-09 05:21 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2021-08-08 22:14 - 2021-08-08 22:14 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-08-08 22:14 - 2021-08-08 22:14 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-08 22:14 - 2021-08-08 22:14 - 000003366 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-08-08 22:14 - 2021-08-08 22:14 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-08 22:14 - 2021-08-08 22:14 - 000003142 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-08-08 22:14 - 2021-08-08 22:14 - 000003116 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2021-08-08 22:14 - 2021-08-08 22:14 - 000003042 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2021-08-08 22:14 - 2021-08-08 22:14 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2021-08-08 22:14 - 2021-08-08 22:14 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2021-08-08 22:14 - 2021-08-08 22:14 - 000002452 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2021-08-08 22:14 - 2021-08-08 22:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-08 22:14 - 2021-08-08 22:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-08-08 22:14 - 2021-08-08 22:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-08-08 22:14 - 2020-09-27 10:58 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-283516741-3080081594-3377497909-500
2021-08-08 22:13 - 2021-08-08 22:14 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-08-08 22:13 - 2021-08-08 22:14 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-08-08 22:11 - 2021-08-09 00:27 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-08 22:08 - 2021-08-09 12:12 - 004991944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-08 22:08 - 2021-08-09 12:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-08 22:00 - 2021-08-09 02:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-08-08 22:00 - 2021-08-08 22:19 - 000000000 ____D C:\Users\moond
2021-08-08 22:00 - 2019-12-07 05:10 - 000001105 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-08 21:59 - 2021-08-08 22:00 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-08-08 21:55 - 2021-08-08 21:55 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-08-08 21:47 - 2015-03-21 20:43 - 000020403 _____ C:\Users\moond\Desktop\Modern Serif Eroded.pdf
2021-08-08 21:47 - 2015-03-21 19:49 - 000215772 _____ C:\Users\moond\Desktop\Modern Serif Eroded.ttf
2021-08-08 21:47 - 2014-05-29 13:47 - 000038428 _____ C:\Users\moond\Desktop\AARDV.TTF
2021-08-08 21:47 - 2011-11-08 15:57 - 000004468 _____ C:\Users\moond\Desktop\OFL_License.txt
2021-08-08 21:47 - 2011-11-08 15:55 - 000622848 _____ C:\Users\moond\Desktop\Zantroke-specimen.pdf
2021-08-08 21:47 - 2011-11-08 15:55 - 000282524 _____ C:\Users\moond\Desktop\Zantroke.otf
2021-08-08 21:47 - 2004-11-16 04:38 - 000016072 _____ C:\Users\moond\Desktop\CollegiateOutlineFLF.ttf
2021-08-08 21:47 - 2004-11-16 04:37 - 000010744 _____ C:\Users\moond\Desktop\CollegiateInsideFLF.ttf
2021-08-08 21:47 - 2004-11-16 04:36 - 000017904 _____ C:\Users\moond\Desktop\CollegiateBorderFLF.ttf
2021-08-08 21:47 - 2004-11-16 04:36 - 000011008 _____ C:\Users\moond\Desktop\CollegiateBlackFLF.ttf
2021-08-08 21:47 - 2004-11-16 04:35 - 000019272 _____ C:\Users\moond\Desktop\CollegiateFLF.ttf
2021-08-08 21:47 - 1994-06-05 04:05 - 000001441 _____ C:\Users\moond\Desktop\README.TXT
2021-08-08 16:52 - 2021-08-08 22:19 - 000000000 ___DC C:\WINDOWS\Panther
2021-08-08 14:35 - 2010-10-06 16:08 - 000464782 _____ C:\Users\moond\Desktop\Torn Paper Brushes.abr
2021-08-08 14:34 - 2021-08-08 14:35 - 000238197 _____ C:\Users\moond\Desktop\Torn_Paper_Brushes.zip
2021-08-08 09:37 - 2021-08-08 16:52 - 000000000 ____D C:\ESD
2021-08-08 09:36 - 2021-08-08 09:36 - 000000000 ___HD C:\$Windows.~WS
2021-08-06 23:58 - 2021-08-09 12:10 - 000000000 ____D C:\Users\moond\AppData\Roaming\qBittorrent
2021-08-06 23:58 - 2021-08-06 23:58 - 000000000 ____D C:\Users\moond\AppData\Local\qBittorrent
2021-08-05 17:42 - 2021-08-06 07:37 - 016406413 _____ C:\Users\moond\Downloads\OCBT057_Hungarian_vs_Soviet_Soldier.pdf
2021-08-05 09:25 - 2021-08-09 11:25 - 000000000 ____D C:\Users\moond\AppData\LocalLow\Mozilla
2021-08-05 09:25 - 2021-08-05 09:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-05 09:25 - 2021-08-05 09:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-05 09:25 - 2021-08-05 09:25 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-08-05 09:25 - 2021-08-05 09:25 - 000000000 ____D C:\Users\moond\AppData\Roaming\Mozilla
2021-08-05 09:25 - 2021-08-05 09:25 - 000000000 ____D C:\Users\moond\AppData\Local\Mozilla
2021-08-05 09:25 - 2021-08-05 09:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-05 09:25 - 2021-08-05 09:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-05 09:18 - 2021-08-05 09:19 - 000332992 _____ (Mozilla) C:\Users\moond\Desktop\Firefox Installer.exe
2021-08-02 09:27 - 2021-08-02 09:27 - 000000000 ___HD C:\$AV_ASW
2021-08-02 05:48 - 2021-08-09 00:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-02 05:48 - 2021-08-02 05:48 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-02 05:48 - 2021-08-02 05:48 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-02 05:48 - 2021-08-02 05:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-28 11:43 - 2021-07-28 11:43 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-07-28 11:43 - 2021-07-28 11:43 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-07-27 12:29 - 2021-07-27 12:29 - 000000000 ____D C:\Users\moond\AppData\Local\mbam
2021-07-27 11:33 - 2021-07-27 11:33 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-27 11:31 - 2021-07-27 11:32 - 000000000 ____D C:\Users\moond\Desktop\invitations
2021-07-27 11:29 - 2021-07-27 11:30 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2021-07-27 11:26 - 2021-07-27 11:31 - 000000000 ____D C:\Users\moond\Desktop\work for angie
2021-07-27 11:18 - 2021-07-27 11:18 - 000000000 ____D C:\AdwCleaner
2021-07-27 11:16 - 2021-07-27 11:14 - 008553680 _____ (Malwarebytes) C:\Users\moond\Desktop\AdwCleaner.exe
2021-07-27 11:16 - 2021-07-27 11:12 - 002092128 _____ (Malwarebytes) C:\Users\moond\Desktop\MBSetup.exe
2021-07-24 12:49 - 2021-07-24 12:50 - 000006397 _____ C:\Users\moond\Desktop\79-Tapio Saarelainen - The White Sniper(pdf)[ebooks-shares.org].torrent
2021-07-24 12:48 - 2021-07-24 12:48 - 000000748 _____ C:\Users\moond\Desktop\78-The Last Archide Complete Series(epub)[ebooks-shares.org].torrent
2021-07-24 12:26 - 2021-07-24 12:26 - 000017329 _____ C:\Users\moond\Desktop\LBC giving history 1-23-21.xlsx
2021-07-23 08:53 - 2021-07-29 12:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-23 08:29 - 2021-08-09 02:05 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-07-23 07:58 - 2021-08-09 12:35 - 000000000 ____D C:\FRST
2021-07-23 07:57 - 2021-08-09 12:34 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking
2021-07-23 07:20 - 2021-07-23 07:20 - 000000118 ____H C:\Users\moond\Downloads\.~lock.Week#8 Data.xlsx#
2021-07-13 21:29 - 2021-07-13 21:29 - 000000342 _____ C:\Users\moond\Desktop\[EBS] Jack Webber - Destination Mars 2[ebooks-shares.org].torrent
2021-07-12 12:19 - 2021-07-12 12:20 - 044598853 _____ C:\Users\moond\Desktop\AGleamofBayonets.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-09 12:25 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2021-08-09 12:25 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 12:19 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-09 12:15 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2021-08-09 12:13 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2021-08-09 12:13 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-09 12:13 - 2021-01-19 17:44 - 000000000 ___RD C:\Users\moond\OneDrive
2021-08-09 12:13 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-09 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-09 12:12 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-09 12:12 - 2020-09-27 10:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-09 12:11 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-09 12:11 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-08-09 12:11 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-09 08:51 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-08-09 08:51 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-09 08:51 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-09 04:53 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-08-09 02:05 - 2021-04-19 07:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2021-08-09 02:05 - 2021-04-19 07:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2021-08-09 02:05 - 2021-04-12 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant
2021-08-09 02:05 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-08-09 02:05 - 2021-02-08 18:37 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.8
2021-08-09 02:05 - 2021-01-21 17:55 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-09 02:05 - 2021-01-21 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-09 02:05 - 2021-01-20 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2021-08-09 02:05 - 2021-01-20 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-08-09 02:05 - 2021-01-19 17:54 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2021-08-09 02:05 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-09 02:05 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-08 22:51 - 2021-05-24 05:43 - 000000000 ____D C:\Users\moond\AppData\Local\Avast Software
2021-08-08 22:44 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2021-08-08 22:19 - 2021-01-19 17:43 - 000000000 ___RD C:\Users\moond\3D Objects
2021-08-08 22:19 - 2020-09-27 10:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-08 22:19 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 22:14 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-08 22:14 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-08 22:13 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-08-08 22:12 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2021-08-08 22:10 - 2021-01-19 17:42 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
2021-08-08 22:10 - 2021-01-19 17:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-08-08 22:10 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-08 22:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-08 22:04 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-08-08 22:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-08-08 22:01 - 2021-04-19 07:35 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-08-08 22:01 - 2021-04-19 07:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-08-08 22:01 - 2021-01-20 09:37 - 000000000 ____D C:\WINDOWS\Firmware
2021-08-08 22:01 - 2021-01-19 17:39 - 000000000 ____D C:\WINDOWS\system32\DTS
2021-08-08 22:01 - 2021-01-19 17:38 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-08-08 22:00 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2021-08-08 21:52 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-08-07 11:29 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2021-08-04 21:37 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-08-04 20:59 - 2021-02-22 16:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-02 16:36 - 2021-01-21 17:35 - 000099384 _____ C:\Users\moond\AppData\Roaming\inst.exe
2021-08-02 16:36 - 2021-01-21 17:35 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-08-02 16:36 - 2021-01-21 17:35 - 000007859 _____ C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-08-02 16:36 - 2021-01-21 17:35 - 000000000 ____D C:\Users\moond\AppData\Roaming\Vso
2021-08-02 16:36 - 2021-01-21 17:35 - 000000000 ____D C:\Program Files (x86)\VSO
2021-07-29 07:27 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2021-07-28 11:43 - 2021-01-20 11:28 - 000851704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000559816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000367640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000218976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000184648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000108408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000082904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-07-28 11:43 - 2021-01-20 11:28 - 000017344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-07-27 11:32 - 2021-07-06 16:04 - 000000000 ____D C:\Users\moond\Desktop\sigs and avs
2021-07-27 11:32 - 2021-07-02 08:55 - 000000000 ____D C:\Users\moond\Desktop\downloaded books
2021-07-27 11:28 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2021-07-24 11:24 - 2021-01-23 08:53 - 000000000 ____D C:\Users\moond\Desktop\Church Business
2021-07-23 09:08 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2021-07-23 08:57 - 2021-04-19 21:26 - 000000000 ____D C:\Users\moond\AppData\LocalLow\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2021-07-23 08:57 - 2021-04-19 07:26 - 000000000 ____D C:\ProgramData\Adobe
2021-07-23 08:57 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Roaming\Adobe
2021-07-23 08:53 - 2021-04-19 07:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-22 11:17 - 2021-03-21 08:02 - 000000000 ____D C:\Users\moond\AppData\Local\ElevatedDiagnostics
2021-07-16 09:45 - 2021-02-22 16:22 - 000740152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-07-16 09:45 - 2021-02-22 16:22 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-07-15 15:49 - 2021-01-23 08:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-15 15:48 - 2021-01-23 08:22 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2021-04-20 18:43 - 2021-08-08 21:52 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-08-02 16:36 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-08-02 16:36 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-08-02 16:36 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-08-02 16:36 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-08-02 16:36 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2021-08-04 21:37 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
 
 
==================== End of FRST.txt ========================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021
Ran by moond (09-08-2021 12:35:57)
Running from C:\Users\moond\Desktop\Virus Checking
Windows 10 Home Version 21H1 19043.1110 (X64) (2021-08-09 02:14:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Aslain's WoT Modpack version 1.13.0.1.02 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.13.0.1.02 - Aslain)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.6.2474 - Avast Software)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 92.1.27.111 - Brave Software Inc)
calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0.2 (x64 en-US)) (Version: 90.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 21.5.0.5956 - Wargaming.net)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOWS.WW.PRODUCTION) (Version:  - Wargaming.net)
 
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.10.9.0_x64__t5j2fzbtdg37r [2021-07-01] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.16.0_x64__qmba6cd70vzyy [2021-07-14] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-08] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-08] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-08-02 11:05 - 2021-08-09 12:25 - 000167936 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.native\native_64bit\_ctypes.pyd
2021-08-02 11:05 - 2021-08-09 12:25 - 000050688 _____ (Tsuda Kageyu) [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.native\native_64bit\MinHook.x64.dll
2021-08-02 11:05 - 2021-08-09 12:25 - 000207872 _____ (WoT libpython contributors) [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.native\native_64bit\python27.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{814ED773-E2C2-4A9F-97AF-DD965634375D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7E959678-41EC-487D-86AE-F5D27E1ED56B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7622BD28-A56A-43C3-9A48-F7D4D0188649}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6927575-09B2-4C5E-ADDE-412A3A462593}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DFB81D5D-CF4F-4AFF-92AC-B56705D0B38E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C3C59C3-C6AE-4E8B-9460-A1DCA0AE8821}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EDA78A7E-4479-4E18-B053-6094E0DDFB84}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4BF93C86-1706-4FE3-9A87-B83C691E8921}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{482FC0C1-F375-4FA3-A68F-556051F318C8}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{410746F1-D982-4433-B156-804FFF31F7CF}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [{05C46AAC-DAB6-4E2F-9844-FA76B72107C0}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5BF3268B-32E5-4554-B5E5-2062E388F762}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07389121-9922-4541-9CA3-B87A77AD0EF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A0D0E0AB-B2B0-4C02-8F3D-B6388A8AC7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21AF1AAA-6EAE-46D3-9144-18F0DADBFF73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D524098E-69E4-4FD8-9463-854CE9ACF8F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{74D9A269-086E-4191-B6BA-CE1854D4A85B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{E9184F50-F763-444E-BC70-C3436CACDB4B}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{4603173A-AC86-47AD-A700-35EC624C30B0}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935
FirewallRules: [{E9E8FDE0-F76A-459A-855B-D089568A476A}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{4BDADAE3-46A2-4717-BF20-EB5E416EA67E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{ECE68012-151A-4C66-BD1B-9BAA17D5FF04}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{21991367-46A6-4996-AB19-A332DA8FF6F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{C54EA5D1-C903-4A2C-8012-3992D21178FC}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{DD46A30A-F6E2-40A1-9E89-546F4B0B8EED}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{A189B7C5-8313-41CA-9763-5D6AD0A69F28}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
 
==================== Restore Points =========================
 
09-08-2021 08:41:31 Windows Modules Installer
09-08-2021 08:42:07 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/09/2021 12:11:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/09/2021 08:42:04 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Update Health Tools -- A later version of Microsoft Update Health Tools is already installed. Setup will now exit.
 
Error: (08/08/2021 10:10:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.
 
 
System errors:
=============
Error: (08/08/2021 10:12:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147952449 = The requested address is not valid in its context.
 
Error: (08/08/2021 10:10:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/08/2021 10:10:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
The device is not ready.
 
Error: (08/08/2021 10:05:53 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: F:\Device\HarddiskVolume83
 
 
CodeIntegrity:
===============
Date: 2021-08-09 12:14:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2021-08-09 12:13:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 28%
Total physical RAM: 32175.24 MB
Available physical RAM: 23101.66 MB
Total Virtual: 37039.24 MB
Available Virtual: 24535.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.17 GB) (Free:743.55 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) NTFS
 
\\?\Volume{c95b2622-04d3-4d17-86bc-c7ab187f9143}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
Windows + R works now ... 
 
It seems to be running a lot smoother ... I appreciate the help on this 
