My first thought is that I'm infected [Solved]



#1
moondog830

I have a few programs running 'not quite' like they should. My first thought is always to ask for help with making sure I don't have any type of virus or malware or stuff like that. Sooo here I am.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2022
Ran by moond (administrator) on PAPASASUS (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IH_TUF706IH) (29-10-2022 07:31:30)
Running from C:\Users\moond\Desktop
Loaded Profiles: moond
Platform: Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ACCIMonitor.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <24>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\cef_browser_process.exe
(C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WargamingErrorMonitor.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe <6>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atieclxx.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <4>
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <4>
(GameBarPresenceWriter.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOSD.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe <2>
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22072.207.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Realtek Semiconductor Corp) C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\RtkUWP.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212184 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4125408 2022-09-08] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4573048 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6957520 2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [850208 2022-05-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148528 2022-10-12] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Discord] => C:\Users\moond\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [MicrosoftEdgeAutoLaunch_F772645FA73EE81AB012C53C5294BF88] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TR4700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHL.DLL [543744 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-04-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor TR4700 series: C:\WINDOWS\system32\CNCALHL.DLL [266752 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TR4700 series: C:\WINDOWS\system32\CNMLMHL.DLL [989184 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP C211 Status Monitor: C:\WINDOWS\system32\hpinkstsC211LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 2540 series): C:\WINDOWS\system32\HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe [2022-10-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\Installer\chrmstp.exe [2022-10-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0610B03E-8B5C-4BFC-9CC4-414911CF7FFF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {136275DC-0C78-40D3-9F0B-E89147ECF19C} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-09-06] (Avast Software s.r.o. -> Avast Software)
Task: {281CE78A-D24C-4FD8-A9B1-89A92694B01F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2B627E2B-E5B1-40C7-80FC-536C2F83C2F1} - System32\Tasks\EZCastLiteSchedule => C:\Program Files (x86)\EZCast Lite\EZCast Lite.exe [7510080 2021-07-19] (Actions Microelectronics Co., Ltd. -> Actions-Micro)
Task: {3051A071-F54B-4699-B7C8-531CCCC50C47} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-10-17] (Avast Software s.r.o. -> Avast Software)
Task: {49E18F10-DEDC-44AF-9FCE-9B2038544374} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4690136 2022-10-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 552f9dc5-94ed-4d5e-b7b2-b93824f85ef3
Task: {572292CC-69ED-4020-A3B4-ADDDF757543E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {58AFADEC-8880-48FE-9D02-C438F829EDE3} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4738936 2022-10-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 22df31ab-a58d-4fd4-b7d6-425383365b36
Task: {5CB86629-F44D-482B-B472-9C223FED4821} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-09-29] (Avast Software s.r.o. -> Avast Software)
Task: {612BA602-6D05-4D29-8E84-8E75FB8AEE13} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe [1257832 2021-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6C1D5EF9-B9D8-4C56-B8BF-75281C4E92E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {72601914-7B37-461A-A594-8ED4C82CAC79} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1213144 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {75FD80C8-8F07-45B7-A599-DD65719D5DF4} - System32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {79DC8831-5F63-43B3-8C6A-F047EB383E56} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4737760 2022-09-08] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 6eefc755-099d-4c91-835b-2025da40e7f6
Task: {7C95D745-B6E4-428A-A33A-68382EFF1395} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9497BCC4-4AD9-4C8D-945D-46C8E206A087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9520D177-3203-43DC-8D0A-30F8ABE2DCE7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {991F9051-A545-4BAE-89CA-CADE87109017} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusUpdateChecker.exe [788104 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {A0AD632A-6516-4157-A914-218093A47A16} - System32\Tasks\EZCastLiteRestartSchedule => C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
Task: {A58B0594-DE85-48CB-892C-1C4695CD1F57} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A617CD82-80BF-44BA-B288-95EC1A9E1AC7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {AE7F71B1-E947-4BBA-A85E-3B789DB1C73E} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1878CD6-9F02-4923-B022-2894D26D5018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {B6570F7E-D8F3-4749-9132-677A623C7A14} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusHotkey.exe [262768 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {C1ACC763-D7C2-4772-A331-D841049599C3} - System32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {C3F28CE5-D114-4EB6-A86D-5DAC77B63ED6} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D41DC0E0-9A88-445B-9505-AEA1EAA0132B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D5AC0049-CBDB-42A7-94E2-5A8AB41BC0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E63DDCD2-C243-420D-90FF-84F183FA5C78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF51EAA1-D373-4B35-9299-AD3165607DFD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4936920 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
Task: {F6B05367-8DA6-476B-8116-0F0102EF14AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA5CE3D5-2CC5-417F-BF4B-C352928CA15F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA8D69C7-2FD2-4530-BC17-4169781B22A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{34cffc01-6eb7-4453-b095-06476a6f1e47}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{60a98253-bdd0-4097-a412-ca32dc4c5f9b}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{a922eb1e-d865-4821-8d4b-22e060248836}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-29]
 
FireFox:
========
FF DefaultProfile: 5r1le8jy.default
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\5r1le8jy.default [2022-03-28]
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\ha90f5gz.default-release [2022-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default [2022-10-05]
CHR HomePage: Default -> hxxp://home.myhughesnet.com/
CHR StartupUrls: Default -> "hxxp://myhughesnet.hughesnet.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.militaryzone.info/forum/index.php","hxxp://ebooks-shares.org/account-login.php?returnto=%2F","hxxps://www.willsub.com/index.asp?fuseaction=WillsubError.SessionTimeOut","hxxps://login.frontlineeducation.com/login?signin=6cd246aa1e5290bfed2e8d6dd28f886d&productId=ABSMGMT&clientId=ABSMGMT#/login","hxxps://rarbg.to/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Safe Torrent Scanner) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-09-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-09-18]
CHR Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2022-09-18]
CHR Extension: (Readium) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2022-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-18]
CHR Extension: (Michigan Wolverines Small) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjbpcfmjfmecnhojjemfbngbcoejccl [2022-09-18]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-18]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-10-29]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-09-10]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-10-19]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-10-29]
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-04-23]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-28]
BRA Extension: (Brave NTP background images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-12]
BRA Extension: (Wallet Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-10-29]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [919328 2022-05-03] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [1181296 2022-08-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe [901240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe [1179728 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe [764560 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe [381536 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe [1082992 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe [633968 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [790128 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8539152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-09-08] (Avast Software s.r.o. -> AVAST Software)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7702904 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [223352 2021-11-15] (DTS, Inc. -> DTS Inc.)
S4 EZCastLiteService; C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9332952 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2599312 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\amdkmdag.sys [81589608 2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSAIO.sys [46704 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [390096 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [306128 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48512 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276520 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [564304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114464 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90008 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [672272 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221944 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-11-01] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327896 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-09] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2021-11-01] (Avast Software s.r.o. -> WireGuard LLC)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusWmiAcpi.sys [45240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [507904 2021-12-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-12-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 extensionDriverBus; C:\WINDOWS\System32\drivers\extensionDriverBus.sys [71648 2021-07-19] (WDKTestCert DELL,131620322850133711 -> Actions Microelectronics Co., Ltd.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [33424 2021-07-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [49560 2021-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [421112 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [73960 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-29 07:31 - 2022-10-29 07:31 - 000042217 _____ C:\Users\moond\Desktop\FRST.txt
2022-10-29 07:30 - 2022-10-29 07:31 - 000000000 ____D C:\FRST
2022-10-29 07:30 - 2022-10-29 07:30 - 000000000 ____D C:\Users\moond\Desktop\FRST-OlderVersion
2022-10-29 07:29 - 2022-10-29 07:30 - 002374144 _____ (Farbar) C:\Users\moond\Desktop\FRST64.exe
2022-10-28 23:16 - 2022-10-28 23:16 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-28 11:22 - 2022-10-28 11:22 - 000047318 _____ C:\Users\moond\Desktop\Bear.svg
2022-10-26 06:39 - 2022-10-26 06:41 - 000000000 ____D C:\Users\moond\AppData\Local\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\Program Files (x86)\PingPlotter 5
2022-10-26 06:38 - 2022-10-26 06:38 - 000000000 ____D C:\Users\moond\AppData\Roaming\Downloaded Installations
2022-10-24 17:53 - 2022-10-24 19:40 - 088309491 _____ (Aslain ) C:\Users\moond\Downloads\Aslains_WoT_Modpack_Installer_v.1.18.1.1_05.exe
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H C:\Program Files (x86)\shj1nedza4.dat
2022-10-22 09:26 - 2022-10-22 09:26 - 000347806 _____ C:\Users\moond\Downloads\Wargaming.net Premium Shop.html
2022-10-22 09:26 - 2022-10-22 09:26 - 000000000 ____D C:\Users\moond\Downloads\Wargaming.net Premium Shop_files
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ C:\Users\moond\AppData\Local\recently-used.xbel
2022-10-18 20:21 - 2022-10-18 20:21 - 000000000 ____D C:\Users\moond\AppData\Local\gtk-3.0
2022-10-18 17:46 - 2022-10-18 17:46 - 000343538 _____ C:\Users\moond\Desktop\do it best work.psd
2022-10-18 15:36 - 2022-10-18 15:36 - 000270552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-10-18 15:36 - 2022-10-18 15:36 - 000221944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-10-17 10:44 - 2022-10-18 21:04 - 000000000 ____D C:\Users\moond\.dbus-keyrings
2022-10-17 10:44 - 2022-10-18 20:50 - 000000000 ____D C:\Users\moond\AppData\Roaming\inkscape
2022-10-17 10:44 - 2022-10-17 10:44 - 000000000 ____D C:\Users\moond\AppData\Local\fontconfig
2022-10-17 10:32 - 2022-10-17 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape
2022-10-17 10:31 - 2022-10-17 10:32 - 000000000 ____D C:\Program Files\Inkscape
2022-10-16 08:55 - 2022-10-16 08:55 - 001188883 _____ C:\Users\moond\Desktop\Bear.ai
2022-10-15 20:32 - 2022-10-16 20:55 - 002085748 _____ C:\Users\moond\Desktop\Monthly Report Sheet.psd
2022-10-13 10:30 - 2022-10-13 10:30 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-10-13 09:35 - 2022-10-13 09:35 - 000550216 _____ C:\Users\moond\Desktop\football helmet template.psd
2022-10-12 15:25 - 2022-10-12 15:25 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 15:25 - 2022-10-12 15:25 - 000015501 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 15:24 - 2022-10-12 15:24 - 000000000 ___HD C:\$WinREAgent
2022-10-12 13:48 - 2022-10-25 07:15 - 000000901 _____ C:\Users\moond\Desktop\Aslains WoT Logs Archiver.lnk
2022-10-12 12:23 - 2022-10-12 12:23 - 000001657 _____ C:\Users\moond\Desktop\World of Tanks NA.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-10 13:15 - 2022-10-10 13:17 - 000000000 ____D C:\Users\moond\Desktop\WG Check
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\Stevie Collier part collection [epub mobi txt]
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\John Steakley - Armor
2022-10-07 14:41 - 2022-10-28 11:28 - 000000000 ____D C:\Users\moond\Downloads\Aaron Hodges [epub mobi txt]
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\The.Greatest.Beer.Run.Ever.2022.WEBRip.x264-ION10
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\John Walker 001 [epub mobi txt]
2022-10-07 14:40 - 2022-10-07 14:40 - 000000000 ____D C:\Users\moond\Downloads\The.Man.Who.Would.Be.King.1975.720p.BluRay.H264.AAC-RARBG
2022-09-30 12:46 - 2022-09-30 12:49 - 000081805 _____ C:\Users\moond\Desktop\flying G logo.psd
2022-09-30 09:45 - 2022-10-01 07:41 - 000016539 _____ C:\Users\moond\Desktop\5th and 6th Football.odt
2022-09-30 09:44 - 2022-10-01 07:41 - 000016189 _____ C:\Users\moond\Desktop\3rd and 4th Football.odt
2022-09-30 09:44 - 2022-10-01 07:40 - 000016502 _____ C:\Users\moond\Desktop\7th and 8th Football.odt
2022-09-29 11:02 - 2022-09-29 11:02 - 000315392 _____ C:\WINDOWS\system32\EsclScan.dll
2022-09-29 11:02 - 2022-09-29 11:02 - 000192512 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-09-29 11:01 - 2022-09-29 11:01 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-29 07:32 - 2021-12-18 06:39 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-29 07:32 - 2021-12-18 06:39 - 000002868 _____ C:\WINDOWS\system32\Tasks\[email protected]
2022-10-29 07:31 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-29 07:31 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-29 07:28 - 2021-01-20 10:26 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-29 07:18 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-29 06:29 - 2021-12-18 06:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-29 04:11 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-29 04:11 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-10-29 04:11 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2022-10-29 01:38 - 2021-12-18 06:39 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2022-10-28 23:16 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-28 18:52 - 2022-07-19 21:02 - 000000000 ____D C:\Users\moond\AppData\Roaming\uTorrent
2022-10-28 18:41 - 2021-12-22 15:33 - 000000000 ____D C:\Users\moond\Desktop\torrts
2022-10-28 18:39 - 2021-05-17 06:37 - 000000000 ___RD C:\Users\moond\Desktop\books for checking
2022-10-28 18:38 - 2022-07-07 13:58 - 000000000 ____D C:\Users\moond\AppData\Local\BitTorrentHelper
2022-10-28 11:53 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-28 06:19 - 2021-12-18 06:39 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2022-10-28 06:13 - 2022-04-18 20:56 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2022-10-28 06:13 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2022-10-28 06:13 - 2021-01-19 17:42 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
2022-10-27 17:59 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2022-10-27 06:09 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2022-10-26 20:33 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\AppData\Roaming\calibre
2022-10-26 19:55 - 2021-12-18 06:39 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2022-10-26 19:55 - 2021-12-18 06:39 - 000003756 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2022-10-26 17:16 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2022-10-26 12:45 - 2021-12-18 06:39 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 12:45 - 2021-08-08 22:00 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-26 09:49 - 2022-09-18 08:23 - 000003424 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC}
2022-10-26 09:49 - 2022-09-18 08:23 - 000003200 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45}
2022-10-26 09:49 - 2022-03-26 10:24 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2022-03-26 10:23 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2021-12-18 06:39 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-26 09:49 - 2021-12-18 06:39 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-26 09:49 - 2021-12-18 06:39 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 09:49 - 2021-12-18 06:39 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2022-10-26 09:49 - 2021-12-18 06:39 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-10-26 09:49 - 2021-12-18 06:39 - 000002452 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2022-10-26 09:49 - 2021-12-18 06:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-25 20:06 - 2021-12-18 06:27 - 000000000 ____D C:\Users\moond
2022-10-25 19:15 - 2021-12-18 06:45 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-25 19:11 - 2021-12-18 06:39 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-10-25 19:11 - 2021-12-18 06:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-25 19:11 - 2020-09-27 10:50 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-25 16:29 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-25 15:19 - 2021-07-27 11:29 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2022-10-25 15:19 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2022-10-23 17:38 - 2021-12-18 06:39 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-10-22 07:08 - 2022-04-18 20:56 - 000002227 _____ C:\Users\moond\Desktop\Discord.lnk
2022-10-21 11:07 - 2022-02-19 19:17 - 000000000 ____D C:\Users\moond\Desktop\movies to watch
2022-10-21 11:01 - 2021-04-20 16:34 - 000000000 ____D C:\Users\moond\Desktop\cup work
2022-10-20 21:43 - 2022-09-19 20:13 - 000000000 ____D C:\WINDOWS\Minidump
2022-10-20 21:43 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2022-10-20 11:05 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-10-20 07:26 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2022-10-20 07:02 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2022-10-19 14:21 - 2021-12-23 14:16 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-10-18 20:48 - 2022-09-22 06:42 - 000000000 ____D C:\Users\moond\Desktop\CDC Babysitting Stuff
2022-10-18 15:36 - 2021-06-05 08:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-18 15:36 - 2021-01-20 11:28 - 000862936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000672272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000564304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000390096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000327896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000306128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000276520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000238152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000114464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000105936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000090008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000048512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000042304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-10-17 10:25 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2022-10-17 06:10 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2022-10-17 06:09 - 2021-06-05 08:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 17:29 - 2022-09-18 08:23 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-12 15:31 - 2021-06-05 08:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 15:25 - 2021-12-18 06:26 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 13:58 - 2021-01-23 08:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 13:56 - 2021-01-23 08:22 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 13:47 - 2021-01-19 17:54 - 000000000 ____D C:\Games
2022-10-12 12:23 - 2021-01-19 17:54 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2022-09-29 11:55 - 2020-09-27 10:54 - 000000000 ____D C:\ProgramData\Packages
2022-09-29 11:24 - 2021-06-05 08:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-29 11:24 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-09-29 11:24 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-29 11:24 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-09-29 11:24 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\BrowserCore
2022-09-29 10:56 - 2022-03-06 22:33 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
 
==================== Files in the root of some directories ========
 
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H () C:\Program Files (x86)\shj1nedza4.dat
2022-05-03 09:51 - 2022-08-22 10:15 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe BMP Format CS6 Prefs
2021-04-20 18:43 - 2022-10-25 15:19 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-08-02 16:36 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-08-02 16:36 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-08-02 16:36 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-08-02 16:36 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-08-02 16:36 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2022-10-20 11:05 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-05-03 11:49 - 2022-05-03 11:49 - 000000000 _____ () C:\Users\moond\AppData\Local\oobelibMkey.log
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ () C:\Users\moond\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2022
Ran by moond (29-10-2022 07:32:18)
Running from C:\Users\moond\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) (2021-12-18 10:39:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.7.1.1 - Adobe Inc.)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Ashampoo Music Studio 5 v.5.0.6 (HKLM-x32\...\{91B33C97-5BBE-576E-893B-711D4D8298ED}_is1) (Version: 5.0.6 - Ashampoo GmbH & Co. KG)
Aslain's WoT Modpack version 1.18.1.1.05 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.18.1.1.05 - Aslain)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 22.3.12193.8260 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 22.3.2812.10926 - Avast Software)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.21.6744.5326 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 107.1.45.116 - Brave Software Inc)
calibre 64bit (HKLM\...\{7FAA3B03-C3B1-4AF6-A543-7853C61FC971}) (Version: 5.42.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.60.1.15 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TR4700 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TR4700_series) (Version: 1.01 - Canon Inc.)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
EZCast Lite (HKLM-x32\...\{64F1DC10-EEB2-47E4-A86E-F5E3E3A56BE8}) (Version: 1.3.1.193 - Actions-Micro)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.2.1- - Inkscape)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.5 - Notepad++ Team)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PingPlotter 5 (HKLM-x32\...\{2744D183-39DE-4473-A4FD-B6D0961D0A12}) (Version: 5.23.3.8770 - Pingman Tools, LLC) Hidden
PingPlotter 5 (HKLM-x32\...\PingPlotter 5 5.23.3.8770) (Version: 5.23.3.8770 - Pingman Tools, LLC)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.3.3 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 22.4.1.367 - Wargaming.net)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.20120228 - Xilisoft)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION
Zoom (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\ZoomUMX) (Version: 5.10.7 (6120) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-05-03] (Adobe Systems Incorporated)
Adobe Acrobat DC -> C:\Program Files\Adobe\Acrobat DC [2022-10-28] (0)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-05-03] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4m [2022-04-12] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.40.5.0_x64__6rarf9sa4v8jt [2022-10-29] (Disney)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.7.0_x64__t5j2fzbtdg37r [2022-09-29] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_139.2.289.0_x64__v10z8vjag6ke6 [2022-09-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-19] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy [2022-10-29] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-10-29] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0 [2022-10-07] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-03-26] (0)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C4C0C3ED23F7} -> [Creative Cloud Files] => C:\Users\moond\Creative Cloud Files [2022-05-03 11:23]
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-09-02] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\nvshext.dll [2022-07-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=11001&utm_medium=desktop&x-pos=Metro
 
==================== Loaded Modules (Whitelisted) =============
 
2021-12-23 14:24 - 2019-10-11 16:45 - 000353280 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-12-23 14:24 - 2019-11-01 10:16 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-12-23 14:24 - 2019-12-05 17:17 - 000008704 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2021-12-23 14:24 - 2019-12-05 17:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2021-06-20 07:51 - 2021-06-20 07:52 - 000187392 _____ (Fortemedia) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\FMAPOCTL.dll
2021-01-19 17:42 - 2021-01-19 17:42 - 000023040 _____ (Synaptics Incorporated.) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\SynAudSrvDll.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\moond\Desktop\Trudee.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{53BF3144-3BF0-4849-91D5-4429270996EA}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BF6290F0-33F0-46FE-A6E1-A9DAF2CADC65}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4AA3F8DB-1172-4936-9E61-47B05D8E6FD8}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E054F679-1586-413B-8000-777CA3FC5013}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D79B5DC0-4F36-4164-A797-96992369F7B1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe => No File
FirewallRules: [{9AA70D41-E119-4034-B9CD-238F25B4833C}] => (Allow) LPort=5357
FirewallRules: [{F6AAB8F0-3B4C-47D8-BAE3-498B6EB37AC8}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe => No File
FirewallRules: [{C2AC0EE6-E534-4F27-A58C-3960EB01D1AC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{A0257489-0336-4128-8CE8-E1076E065B51}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{9E1E11F7-C378-48DD-AE86-F78CA52A72FA}] => (Allow) C:\Program Files (x86)\EZCast Lite\EZCast Lite.exe (Actions Microelectronics Co., Ltd. -> Actions-Micro)
FirewallRules: [{60813F62-E73A-47E0-8600-26A927ED664E}] => (Allow) C:\Program Files (x86)\EZCast Lite\EZCast Lite.exe (Actions Microelectronics Co., Ltd. -> Actions-Micro)
FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935
FirewallRules: [{07389121-9922-4541-9CA3-B87A77AD0EF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{5BF3268B-32E5-4554-B5E5-2062E388F762}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{683F32A2-511E-4686-A88E-113C2A472783}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{CDDF774D-9098-4FA8-8F64-E500E780C4B0}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{AA79C691-AF75-4607-A277-48CF523E2BAF}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8E7EA040-EC93-4A62-8372-3BF07B71B045}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{562013C0-6706-4517-86D2-7FA97DC8AC74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{F3F9B769-E3E1-44BD-94F0-71FE18A2B3B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A75C3A95-0A93-4DDC-8625-398796961ED6}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9215B50D-3B6B-4F46-8C3F-AFECC67B7337}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{31612A1F-73D1-4530-8E1A-9DE64AC6E7CF}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0A160528-E4BC-46C9-8C1D-651DAE26309C}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A83613AB-7A6F-4D62-93E5-1C8F71FEB379}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6D6CFF57-D6B2-4245-A79E-68D7A52ADA1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{22320A54-9A5B-4D0F-8367-79DD288073B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2872B233-AE02-423D-9016-AC4980ED87A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B476AD5F-7711-40A5-9712-524520E8E3AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CB687E05-7A9B-483D-9F93-2EFE1953F5C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{08A4B1EE-EE4A-4860-AB74-D8B5A2B67D51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E151A950-D803-4CA2-938D-C1DF62BD842F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E8BE7189-C9E1-48D7-8219-49F8D4E7D739}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1A9AF9D5-CF0B-4AE9-8852-49C7A970561A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F20C4615-E818-4090-A809-491707319E25}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{982E0495-1B1D-4F59-B022-AAD0B6413D5F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C69318D-D1C6-40D2-808B-FFA1BD550E43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0271EA41-8A8B-46A5-93AF-99CF19954791}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{0024C8BB-5014-4F95-AC41-BB6C183EA3C7}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{E826158B-3AD3-4545-8C14-E57AAF054F5C}] => (Allow) C:\Games\World_of_Tanks_NA\WorldOfTanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{9DDAEA14-CB78-4CF2-B1FD-1F0913699C29}] => (Allow) C:\Games\World_of_Tanks_NA\WorldOfTanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{8820400B-D166-42A9-9CEE-FF4B40362863}] => (Allow) C:\Users\moond\Desktop\WG Check\WGCheck.exe (Wargaming.net Limited -> )
FirewallRules: [{4CEF79C2-03DA-4045-92A2-C47F99F8506C}] => (Allow) C:\Users\moond\Desktop\WG Check\WGCheck.exe (Wargaming.net Limited -> )
FirewallRules: [{C1FC89CE-62F5-485C-8B01-32E56263FA57}] => (Allow) C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{B7C89872-5FB1-4FD4-83AF-D9C76A8967CF}] => (Allow) C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2D7617C9-4240-4227-B66E-AAD3D77CF08B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{16BBCD71-C310-408B-9032-9F14E80377BF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{340429C7-2C6B-4C5E-84A3-6672F57A0CFC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C2012AAB-C348-49C9-A3F9-F78C42C1FB49}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{574091EC-4483-47C9-B0A2-1013B152E3EE}] => (Allow) C:\Program Files (x86)\PingPlotter 5\PingPlotter.exe (Pingman Tools LLC -> )
FirewallRules: [{2C2BD3EA-F080-4D9F-AFBC-0222F62382EA}] => (Allow) C:\Program Files (x86)\PingPlotter 5\PingPlotter.exe (Pingman Tools LLC -> )
FirewallRules: [{34EA38BA-FB16-4F82-A861-C869DC608FAE}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{C27CA2BE-0001-476B-9804-19CC71A508A4}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{23D5AF0C-4DE6-435C-996F-AA16A0D6C1EB}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{04D922C4-3D0C-47E4-9377-8CEF72D7EC7A}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{3ABF76AE-042F-4F80-A4B8-A339F4ADEBBB}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{BC30E022-447D-410A-B5BF-A81DEEB0FEFC}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{A694E00F-7FC0-4DD2-9C62-8C4B80A745E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{970986FB-F095-427D-9EA6-25EDB3110A27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36A88AE8-476F-469E-A310-E574727ABE48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2DB19B5-A30A-4145-806B-A32A7605B407}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8708589-2A79-46BF-83FF-4AAAC6C79CFA}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{DC6ABC7E-E2DA-4AF8-A5CA-B4D670C0F89E}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{EDE394AE-3B69-4788-8ADB-AAC952A44373}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{08C1FDF4-9A93-4430-A54A-683B74BAE7ED}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
 
==================== Restore Points =========================
 
11-10-2022 08:11:51 Scheduled Checkpoint
12-10-2022 15:24:07 Windows Modules Installer
20-10-2022 07:43:57 Scheduled Checkpoint
26-10-2022 06:38:38 Installed PingPlotter 5
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/25/2022 08:06:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 2208, ProfSvc PID: 2040.
 
Error: (10/25/2022 08:06:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 2208, ProfSvc PID: 2040.
 
Error: (10/25/2022 08:06:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, PID: 5628, ProfSvc PID: 2040.
 
Error: (10/25/2022 08:06:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe, PID: 6092, ProfSvc PID: 2040.
 
Error: (10/20/2022 02:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.22000.1, time stamp: 0xfe3e559a
Faulting module name: ntdll.dll, version: 10.0.22000.918, time stamp: 0x57b668f2
Exception code: 0xc0000409
Fault offset: 0x00000000000aba78
Faulting process id: 0x1150
Faulting application start time: 0x01d8e4b13f9dbfaa
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 09ba49b4-3ff8-4b02-bafc-57a834fe0041
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2209.1071.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub
 
Error: (10/17/2022 09:40:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WorldOfTanks.exe version 1.18.1.1008 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: db8
Start Time: 01d8e292550f17ce
Termination Time: 10
Application Path: C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe
Report Id: 8fbad060-0ddd-4945-ab99-24e065cad31e
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Unknown
 
Error: (10/13/2022 08:55:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5956, ProfSvc PID: 2052.
 
Error: (10/13/2022 08:55:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5956, ProfSvc PID: 2052.
 
 
System errors:
=============
Error: (10/29/2022 07:30:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.
 
Error: (10/28/2022 06:14:15 AM) (Source: DCOM) (EventID: 10010) (User: PAPASASUS)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (10/28/2022 06:12:46 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
Error: (10/27/2022 05:59:54 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
Error: (10/27/2022 01:13:37 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
Error: (10/27/2022 01:12:41 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
Error: (10/27/2022 12:55:53 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
Error: (10/27/2022 06:06:34 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34CFFC01-6EB7-4453-B095-06476A6F1E47} because another computer on the network has the same name.  The server could not start.
 
 
CodeIntegrity:
===============
Date: 2022-10-29 06:58:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2022-10-29 00:13:10
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 26%
Total physical RAM: 32175.23 MB
Available physical RAM: 23533.31 MB
Total Virtual: 37039.23 MB
Available Virtual: 26448.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.17 GB) (Free:661.67 GB) (Model: SPCC M.2 PCIe SSD) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) (Model: ST1000LM035-1RK172) NTFS
Drive g: (Little Bits) (Fixed) (Total:931.51 GB) (Free:501.29 GB) (Model: ST1000LM 035-1RK172 USB Device) NTFS
Drive h: (Mr Kitty) (Fixed) (Total:5588.9 GB) (Free:2602.18 GB) (Model: Seagate Backup+ Hub BK SCSI Disk Device) NTFS
 
\\?\Volume{c95b2622-04d3-4d17-86bc-c7ab187f9143}\ () (Fixed) (Total:0.58 GB) (Free:0.07 GB) NTFS
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: FA1B96AD)
 
Partition: GPT.
 
==========================================================
Disk: 4 (Size: 5589 GB) (Disk ID: 231C8987)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
Thanks in advance for your help in this matter.

 



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hi, moondog830.
 
Welcome back. :)
 

I have a few programs running 'not quite' like they should.

 
Can you please give us more information about this? What doesn't work as it should? 
 
 
For now:
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\elevation_service.exe" [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-10-28 18:52 - 2022-07-19 21:02 - 000000000 ____D C:\Users\moond\AppData\Roaming\uTorrent
2022-10-28 18:38 - 2022-07-07 13:58 - 000000000 ____D C:\Users\moond\AppData\Local\BitTorrentHelper
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FirewallRules: [{D79B5DC0-4F36-4164-A797-96992369F7B1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe => No File
FirewallRules: [{F6AAB8F0-3B4C-47D8-BAE3-498B6EB37AC8}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe => No File
FirewallRules: [{07389121-9922-4541-9CA3-B87A77AD0EF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{5BF3268B-32E5-4554-B5E5-2062E388F762}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{683F32A2-511E-4686-A88E-113C2A472783}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{CDDF774D-9098-4FA8-8F64-E500E780C4B0}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{0A160528-E4BC-46C9-8C1D-651DAE26309C}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A83613AB-7A6F-4D62-93E5-1C8F71FEB379}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
CMD: netsh advfirewall reset
File: C:\WINDOWS\system32\runexehelper.exe
File: C:\Program Files (x86)\shj1nedza4.dat
Folder: C:\Users\moond\Desktop\torrts
VirusTotal: C:\WINDOWS\system32\runexehelper.exe;C:\Program Files (x86)\shj1nedza4.dat
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

#3
moondog830

    Member

  • Topic Starter
  • 804 posts

A couple of the programs have to do with the one game I play anymore, World of Tanks ... The Operation Center wouldn't open. Brave sometimes gives me problems. There are times when my son has accessed my computer and I've found he has installed uTorrent. So I'm just worried, when little things hiccup, that maybe he's allowed something in. I have installed everything that I could find that had anything to do with uTorrent. I have also changed my passwords, and especially the one that opens my laptop.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-10-2022
Ran by moond (30-10-2022 07:30:27) Run:1
Running from C:\Users\moond\Desktop
Loaded Profiles: moond
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\elevation_service.exe" [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-10-28 18:52 - 2022-07-19 21:02 - 000000000 ____D C:\Users\moond\AppData\Roaming\uTorrent
2022-10-28 18:38 - 2022-07-07 13:58 - 000000000 ____D C:\Users\moond\AppData\Local\BitTorrentHelper
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FirewallRules: [{D79B5DC0-4F36-4164-A797-96992369F7B1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe => No File
FirewallRules: [{F6AAB8F0-3B4C-47D8-BAE3-498B6EB37AC8}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe => No File
FirewallRules: [{07389121-9922-4541-9CA3-B87A77AD0EF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{5BF3268B-32E5-4554-B5E5-2062E388F762}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{683F32A2-511E-4686-A88E-113C2A472783}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{CDDF774D-9098-4FA8-8F64-E500E780C4B0}] => (Allow) C:\Users\moond\Desktop\WGCheck\WGCheck.exe => No File
FirewallRules: [{0A160528-E4BC-46C9-8C1D-651DAE26309C}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A83613AB-7A6F-4D62-93E5-1C8F71FEB379}] => (Allow) C:\Users\moond\AppData\Roaming\Zoom\bin\airhost.exe => No File
CMD: netsh advfirewall reset
File: C:\WINDOWS\system32\runexehelper.exe
File: C:\Program Files (x86)\shj1nedza4.dat
Folder: C:\Users\moond\Desktop\torrts
VirusTotal: C:\WINDOWS\system32\runexehelper.exe;C:\Program Files (x86)\shj1nedza4.dat
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
BraveElevationService => service removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
C:\Users\moond\AppData\Roaming\uTorrent => moved successfully
C:\Users\moond\AppData\Local\BitTorrentHelper => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu => removed successfully
"HKU\S-1-5-21-1336835431-166869274-4150396170-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D79B5DC0-4F36-4164-A797-96992369F7B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6AAB8F0-3B4C-47D8-BAE3-498B6EB37AC8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07389121-9922-4541-9CA3-B87A77AD0EF6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BF3268B-32E5-4554-B5E5-2062E388F762}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{683F32A2-511E-4686-A88E-113C2A472783}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDDF774D-9098-4FA8-8F64-E500E780C4B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A160528-E4BC-46C9-8C1D-651DAE26309C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A83613AB-7A6F-4D62-93E5-1C8F71FEB379}" => removed successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========================= File: C:\WINDOWS\system32\runexehelper.exe ========================
 
C:\WINDOWS\system32\runexehelper.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-TroubleShooting-Package~31bf3856ad364e35~amd64~~10.0.22000.1098.cat
File is digitally signed
MD5: 9097ACA1BF25A7DB39B11AD776EEA68D
Creation and modification date: 2022-10-12 15:25 - 2022-10-12 15:25
Size: 000077824
Attributes: ----A
Company Name: Microsoft Windows -> 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Program Files (x86)\shj1nedza4.dat ========================
 
C:\Program Files (x86)\shj1nedza4.dat
File not signed
MD5: 201D8FE416AE28D7A800A9C381861851
Creation and modification date: 2022-10-24 12:49 - 2022-10-24 12:49
Size: 000000048
Attributes: ----H
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= Folder: C:\Users\moond\Desktop\torrts ========================
 
not found.
 
====== End of Folder: ======
 
VirusTotal: C:\WINDOWS\system32\runexehelper.exe => https://www.virustot...b32f-1665667453
VirusTotal: C:\Program Files (x86)\shj1nedza4.dat => https://www.virustot...b2aa-1667129443
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22000.653
 
Image Version: 10.0.22000.1098
 
 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31851630 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 366035010 B
Windows/system/drivers => 425870 B
Edge => 0 B
Chrome => 1357582 B
Brave => 42738990 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 177284 B
NetworkService => 177284 B
moond => 1076726143 B
 
RecycleBin => 4898388 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:35:42 ====

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

As you can see above, some corrupted files were found and got fixed.

 

Let's do some other checks:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

#5
moondog830

    Member

  • Topic Starter
  • 804 posts

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-31-2022
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  32100
# Detected: 2
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/31/22
Scan Time: 6:10 AM
Log File: 2e3492c8-5904-11ed-aae0-d8c0a623d848.json
 
-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61722
License: Trial
 
-System Information-
OS: Windows 11 (Build 22000.1098)
CPU: x64
File System: NTFS
User: PapasAsus\moond
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311677
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 min, 1 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.BundleInstaller, C:\USERS\MOOND\DESKTOP\MODS FOR WOT\UTORRENT.EXE, No Action By User, 495, 1081967, 1.0.61722, , ame, , 68A70EF9D99E94926E7231E00E136890, F72EE83436CB1F82366BFAAFB14A4C0CB99826C02166FC0BD21FB6E7EB5190C6
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

OK, a few things are detected, let's clean.

 

1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove (this is your decision).
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    • Under the title Scan Options, all the options are checked.
    • Under the title Windows Security Center (Premium only) the option is unchecked.
    • Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

 

Please run the FRST tool once again and attach fresh logs for me (Addition and FRST)

 

 

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • Fresh FRST logs, Addition and FRST
  • Feedback: How is the computer running now? Any remaining issue, question, concern? 

#7
moondog830

    Member

  • Topic Starter
  • 804 posts

Going to post the items you requested, but now I'm continually getting a pop-up that 'APPEARS' to be from McAfee that tells me I'm infected. It's associated with forsts.click. Other than this little hiccup, it seems to be running a lot smoother. I think I got the forsts.click by typing in a website wrong and clicking a button.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-31-2022
# Duration: 00:00:00
# OS:       Windows 11 (Build 22000.1098)
# Cleaned:  2
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1559 octets] - [31/10/2022 05:49:01]
AdwCleaner[S01].txt - [1634 octets] - [31/10/2022 11:56:46]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/31/22
Scan Time: 6:10 AM
Log File: 2e3492c8-5904-11ed-aae0-d8c0a623d848.json
 
-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61722
License: Trial
 
-System Information-
OS: Windows 11 (Build 22000.1098)
CPU: x64
File System: NTFS
User: PapasAsus\moond
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311677
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 min, 1 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.BundleInstaller, C:\USERS\MOOND\DESKTOP\MODS FOR WOT\UTORRENT.EXE, No Action By User, 495, 1081967, 1.0.61722, , ame, , 68A70EF9D99E94926E7231E00E136890, F72EE83436CB1F82366BFAAFB14A4C0CB99826C02166FC0BD21FB6E7EB5190C6
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ACCIMonitor.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOSD.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.24\msedgewebview2.exe <12>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Discord Inc. -> Discord Inc.) C:\Users\moond\AppData\Local\Discord\app-1.0.9007\Discord.exe <2>
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <4>
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <14>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe <2>
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.715.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212184 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4125408 2022-09-08] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4573048 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6957520 2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [850208 2022-05-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148528 2022-10-12] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Discord] => C:\Users\moond\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [MicrosoftEdgeAutoLaunch_F772645FA73EE81AB012C53C5294BF88] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TR4700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHL.DLL [543744 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-04-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor TR4700 series: C:\WINDOWS\system32\CNCALHL.DLL [266752 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TR4700 series: C:\WINDOWS\system32\CNMLMHL.DLL [989184 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP C211 Status Monitor: C:\WINDOWS\system32\hpinkstsC211LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 2540 series): C:\WINDOWS\system32\HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe [2022-10-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\Installer\chrmstp.exe [2022-10-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0610B03E-8B5C-4BFC-9CC4-414911CF7FFF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {136275DC-0C78-40D3-9F0B-E89147ECF19C} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-09-06] (Avast Software s.r.o. -> Avast Software)
Task: {281CE78A-D24C-4FD8-A9B1-89A92694B01F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2B627E2B-E5B1-40C7-80FC-536C2F83C2F1} - System32\Tasks\EZCastLiteSchedule => C:\Program Files (x86)\EZCast Lite\EZCast Lite.exe [7510080 2021-07-19] (Actions Microelectronics Co., Ltd. -> Actions-Micro)
Task: {3051A071-F54B-4699-B7C8-531CCCC50C47} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-10-17] (Avast Software s.r.o. -> Avast Software)
Task: {49E18F10-DEDC-44AF-9FCE-9B2038544374} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4690136 2022-10-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 552f9dc5-94ed-4d5e-b7b2-b93824f85ef3
Task: {572292CC-69ED-4020-A3B4-ADDDF757543E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {58AFADEC-8880-48FE-9D02-C438F829EDE3} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4738936 2022-10-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 22df31ab-a58d-4fd4-b7d6-425383365b36
Task: {5CB86629-F44D-482B-B472-9C223FED4821} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-09-29] (Avast Software s.r.o. -> Avast Software)
Task: {612BA602-6D05-4D29-8E84-8E75FB8AEE13} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe [1257832 2021-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6C1D5EF9-B9D8-4C56-B8BF-75281C4E92E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {75FD80C8-8F07-45B7-A599-DD65719D5DF4} - System32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {79DC8831-5F63-43B3-8C6A-F047EB383E56} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4737760 2022-09-08] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 6eefc755-099d-4c91-835b-2025da40e7f6
Task: {7C95D745-B6E4-428A-A33A-68382EFF1395} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9497BCC4-4AD9-4C8D-945D-46C8E206A087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9520D177-3203-43DC-8D0A-30F8ABE2DCE7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {991F9051-A545-4BAE-89CA-CADE87109017} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusUpdateChecker.exe [788104 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {A0AD632A-6516-4157-A914-218093A47A16} - System32\Tasks\EZCastLiteRestartSchedule => C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
Task: {A58B0594-DE85-48CB-892C-1C4695CD1F57} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A617CD82-80BF-44BA-B288-95EC1A9E1AC7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {AE7F71B1-E947-4BBA-A85E-3B789DB1C73E} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1878CD6-9F02-4923-B022-2894D26D5018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {B6570F7E-D8F3-4749-9132-677A623C7A14} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusHotkey.exe [262768 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {C1ACC763-D7C2-4772-A331-D841049599C3} - System32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {C3F28CE5-D114-4EB6-A86D-5DAC77B63ED6} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CE918670-87E1-46DD-A558-F311AD98D62C} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1213144 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {D41DC0E0-9A88-445B-9505-AEA1EAA0132B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D5AC0049-CBDB-42A7-94E2-5A8AB41BC0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E63DDCD2-C243-420D-90FF-84F183FA5C78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF51EAA1-D373-4B35-9299-AD3165607DFD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4936920 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
Task: {F6B05367-8DA6-476B-8116-0F0102EF14AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA5CE3D5-2CC5-417F-BF4B-C352928CA15F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA8D69C7-2FD2-4530-BC17-4169781B22A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{34cffc01-6eb7-4453-b095-06476a6f1e47}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{60a98253-bdd0-4097-a412-ca32dc4c5f9b}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{a922eb1e-d865-4821-8d4b-22e060248836}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-31]
 
FireFox:
========
FF DefaultProfile: 5r1le8jy.default
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\5r1le8jy.default [2022-10-30]
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\ha90f5gz.default-release [2022-10-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default [2022-10-30]
CHR HomePage: Default -> hxxp://home.myhughesnet.com/
CHR StartupUrls: Default -> "hxxp://myhughesnet.hughesnet.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.militaryzone.info/forum/index.php","hxxp://ebooks-shares.org/account-login.php?returnto=%2F","hxxps://www.willsub.com/index.asp?fuseaction=WillsubError.SessionTimeOut","hxxps://login.frontlineeducation.com/login?signin=6cd246aa1e5290bfed2e8d6dd28f886d&productId=ABSMGMT&clientId=ABSMGMT#/login","hxxps://rarbg.to/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Safe Torrent Scanner) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-09-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-09-18]
CHR Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2022-09-18]
CHR Extension: (Readium) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2022-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-18]
CHR Extension: (Michigan Wolverines Small) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjbpcfmjfmecnhojjemfbngbcoejccl [2022-09-18]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-18]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-10-31]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-09-10]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-10-19]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-10-30]
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-10-30]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-28]
BRA Extension: (Brave NTP background images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-12]
BRA Extension: (Wallet Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-10-31]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [919328 2022-05-03] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [1181296 2022-08-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe [901240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe [1179728 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe [764560 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe [381536 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe [1082992 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe [633968 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [790128 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8539152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-09-08] (Avast Software s.r.o. -> AVAST Software)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7702904 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [223352 2021-11-15] (DTS, Inc. -> DTS Inc.)
S4 EZCastLiteService; C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9332952 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2599312 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\amdkmdag.sys [81589608 2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSAIO.sys [46704 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [390096 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [306128 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48512 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276520 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [564304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114464 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90008 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [672272 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221944 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-11-01] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327896 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-09] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2021-11-01] (Avast Software s.r.o. -> WireGuard LLC)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusWmiAcpi.sys [45240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 extensionDriverBus; C:\WINDOWS\System32\drivers\extensionDriverBus.sys [71648 2021-07-19] (WDKTestCert DELL,131620322850133711 -> Actions Microelectronics Co., Ltd.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [33424 2021-07-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [49560 2021-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [421112 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [73960 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-31 12:00 - 2022-10-31 12:00 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-10-31 12:00 - 2022-10-31 12:00 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-10-31 12:00 - 2022-10-31 12:00 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-10-31 06:01 - 2022-10-31 12:06 - 000000000 ____D C:\Users\moond\AppData\LocalLow\IGDump
2022-10-31 06:01 - 2022-10-31 06:01 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-31 06:01 - 2022-10-31 06:01 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-31 06:01 - 2022-10-31 06:00 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-10-31 05:59 - 2022-10-31 05:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-31 05:58 - 2022-10-31 05:59 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-31 05:47 - 2022-10-31 11:58 - 000000000 ____D C:\AdwCleaner
2022-10-31 05:45 - 2022-10-31 12:11 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking and Repair
2022-10-30 07:38 - 2022-10-30 07:38 - 005219760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-29 07:30 - 2022-10-31 12:11 - 000000000 ____D C:\FRST
2022-10-29 07:30 - 2022-10-29 07:30 - 000000000 ____D C:\Users\moond\Desktop\FRST-OlderVersion
2022-10-28 23:16 - 2022-10-28 23:16 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-28 11:22 - 2022-10-28 11:22 - 000047318 _____ C:\Users\moond\Desktop\Bear.svg
2022-10-26 06:39 - 2022-10-26 06:41 - 000000000 ____D C:\Users\moond\AppData\Local\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\Program Files (x86)\PingPlotter 5
2022-10-26 06:38 - 2022-10-26 06:38 - 000000000 ____D C:\Users\moond\AppData\Roaming\Downloaded Installations
2022-10-24 17:53 - 2022-10-24 19:40 - 088309491 _____ (Aslain ) C:\Users\moond\Downloads\Aslains_WoT_Modpack_Installer_v.1.18.1.1_05.exe
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H C:\Program Files (x86)\shj1nedza4.dat
2022-10-22 09:26 - 2022-10-22 09:26 - 000347806 _____ C:\Users\moond\Downloads\Wargaming.net Premium Shop.html
2022-10-22 09:26 - 2022-10-22 09:26 - 000000000 ____D C:\Users\moond\Downloads\Wargaming.net Premium Shop_files
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ C:\Users\moond\AppData\Local\recently-used.xbel
2022-10-18 20:21 - 2022-10-18 20:21 - 000000000 ____D C:\Users\moond\AppData\Local\gtk-3.0
2022-10-18 17:46 - 2022-10-18 17:46 - 000343538 _____ C:\Users\moond\Desktop\do it best work.psd
2022-10-18 15:36 - 2022-10-18 15:36 - 000270552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-10-18 15:36 - 2022-10-18 15:36 - 000221944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-10-17 10:44 - 2022-10-18 21:04 - 000000000 ____D C:\Users\moond\.dbus-keyrings
2022-10-17 10:44 - 2022-10-18 20:50 - 000000000 ____D C:\Users\moond\AppData\Roaming\inkscape
2022-10-17 10:44 - 2022-10-17 10:44 - 000000000 ____D C:\Users\moond\AppData\Local\fontconfig
2022-10-17 10:32 - 2022-10-17 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape
2022-10-17 10:31 - 2022-10-17 10:32 - 000000000 ____D C:\Program Files\Inkscape
2022-10-16 08:55 - 2022-10-16 08:55 - 001188883 _____ C:\Users\moond\Desktop\Bear.ai
2022-10-15 20:32 - 2022-10-16 20:55 - 002085748 _____ C:\Users\moond\Desktop\Monthly Report Sheet.psd
2022-10-13 10:30 - 2022-10-13 10:30 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-10-13 09:35 - 2022-10-13 09:35 - 000550216 _____ C:\Users\moond\Desktop\football helmet template.psd
2022-10-12 15:25 - 2022-10-12 15:25 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 15:25 - 2022-10-12 15:25 - 000015501 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 15:24 - 2022-10-12 15:24 - 000000000 ___HD C:\$WinREAgent
2022-10-12 13:48 - 2022-10-25 07:15 - 000000901 _____ C:\Users\moond\Desktop\Aslains WoT Logs Archiver.lnk
2022-10-12 12:23 - 2022-10-12 12:23 - 000001657 _____ C:\Users\moond\Desktop\World of Tanks NA.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-10 13:15 - 2022-10-10 13:17 - 000000000 ____D C:\Users\moond\Desktop\WG Check
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\Stevie Collier part collection [epub mobi txt]
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\John Steakley - Armor
2022-10-07 14:41 - 2022-10-28 11:28 - 000000000 ____D C:\Users\moond\Downloads\Aaron Hodges [epub mobi txt]
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\The.Greatest.Beer.Run.Ever.2022.WEBRip.x264-ION10
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\John Walker 001 [epub mobi txt]
2022-10-07 14:40 - 2022-10-07 14:40 - 000000000 ____D C:\Users\moond\Downloads\The.Man.Who.Would.Be.King.1975.720p.BluRay.H264.AAC-RARBG
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-31 12:07 - 2021-12-18 06:45 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-31 12:07 - 2021-12-18 06:39 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2022-10-31 12:07 - 2021-07-27 11:29 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2022-10-31 12:07 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-10-31 12:05 - 2021-12-18 06:39 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-31 12:02 - 2021-01-20 10:26 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-31 12:00 - 2022-04-18 20:56 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2022-10-31 12:00 - 2021-12-18 06:39 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-10-31 12:00 - 2021-12-18 06:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-31 12:00 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-31 12:00 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-31 12:00 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2022-10-31 12:00 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2022-10-31 12:00 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2022-10-31 12:00 - 2021-01-19 17:42 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
2022-10-31 12:00 - 2020-09-27 10:50 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-31 11:59 - 2021-06-05 08:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-10-31 11:58 - 2021-09-20 10:18 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-10-31 10:37 - 2021-12-18 06:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-31 06:43 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-31 06:40 - 2021-05-17 06:37 - 000000000 ___RD C:\Users\moond\Desktop\books for checking
2022-10-31 06:28 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-31 06:27 - 2021-12-18 06:39 - 000002808 _____ C:\WINDOWS\system32\Tasks\[email protected]
2022-10-31 06:01 - 2021-06-05 08:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-31 06:01 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2022-10-31 05:49 - 2021-12-18 06:39 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2022-10-31 05:44 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-31 05:43 - 2021-12-18 06:39 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-10-30 07:32 - 2021-06-05 08:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-29 15:58 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2022-10-29 15:57 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\AppData\Roaming\calibre
2022-10-29 15:53 - 2021-12-18 06:27 - 000000000 ____D C:\Users\moond
2022-10-29 04:11 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-28 18:41 - 2021-12-22 15:33 - 000000000 ____D C:\Users\moond\Desktop\downloaded things I keep
2022-10-28 11:53 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-27 17:59 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2022-10-26 19:55 - 2021-12-18 06:39 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2022-10-26 19:55 - 2021-12-18 06:39 - 000003756 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2022-10-26 17:16 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2022-10-26 12:45 - 2021-12-18 06:39 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 12:45 - 2021-08-08 22:00 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-26 09:49 - 2022-09-18 08:23 - 000003424 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC}
2022-10-26 09:49 - 2022-09-18 08:23 - 000003200 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45}
2022-10-26 09:49 - 2022-03-26 10:24 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2022-03-26 10:23 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2021-12-18 06:39 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-26 09:49 - 2021-12-18 06:39 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-26 09:49 - 2021-12-18 06:39 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 09:49 - 2021-12-18 06:39 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2022-10-26 09:49 - 2021-12-18 06:39 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-10-26 09:49 - 2021-12-18 06:39 - 000002452 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2022-10-26 09:49 - 2021-12-18 06:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-25 15:19 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2022-10-22 07:08 - 2022-04-18 20:56 - 000002227 _____ C:\Users\moond\Desktop\Discord.lnk
2022-10-21 11:07 - 2022-02-19 19:17 - 000000000 ____D C:\Users\moond\Desktop\movies to watch
2022-10-21 11:01 - 2021-04-20 16:34 - 000000000 ____D C:\Users\moond\Desktop\cup work
2022-10-20 21:43 - 2022-09-19 20:13 - 000000000 ____D C:\WINDOWS\Minidump
2022-10-20 21:43 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2022-10-20 11:05 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-10-20 07:26 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2022-10-20 07:02 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2022-10-19 14:21 - 2021-12-23 14:16 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-10-18 20:48 - 2022-09-22 06:42 - 000000000 ____D C:\Users\moond\Desktop\CDC Babysitting Stuff
2022-10-18 15:36 - 2021-01-20 11:28 - 000862936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000672272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000564304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000390096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000327896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000306128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000276520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000238152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000114464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000105936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000090008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000048512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000042304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-10-17 10:25 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 17:29 - 2022-09-18 08:23 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-12 15:25 - 2021-12-18 06:26 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 13:58 - 2021-01-23 08:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 13:56 - 2021-01-23 08:22 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 13:47 - 2021-01-19 17:54 - 000000000 ____D C:\Games
2022-10-12 12:23 - 2021-01-19 17:54 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2022-10-01 07:41 - 2022-09-30 09:45 - 000016539 _____ C:\Users\moond\Desktop\5th and 6th Football.odt
2022-10-01 07:41 - 2022-09-30 09:44 - 000016189 _____ C:\Users\moond\Desktop\3rd and 4th Football.odt
2022-10-01 07:40 - 2022-09-30 09:44 - 000016502 _____ C:\Users\moond\Desktop\7th and 8th Football.odt
 
==================== Files in the root of some directories ========
 
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H () C:\Program Files (x86)\shj1nedza4.dat
2022-05-03 09:51 - 2022-08-22 10:15 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe BMP Format CS6 Prefs
2021-04-20 18:43 - 2022-10-25 15:19 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-08-02 16:36 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-08-02 16:36 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-08-02 16:36 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-08-02 16:36 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-08-02 16:36 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2022-10-20 11:05 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-05-03 11:49 - 2022-05-03 11:49 - 000000000 _____ () C:\Users\moond\AppData\Local\oobelibMkey.log
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ () C:\Users\moond\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2022 02
Ran by moond (31-10-2022 12:12:51)
Running from C:\Users\moond\Desktop\Virus Checking and Repair
Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) (2021-12-18 10:39:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.7.1.1 - Adobe Inc.)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Ashampoo Music Studio 5 v.5.0.6 (HKLM-x32\...\{91B33C97-5BBE-576E-893B-711D4D8298ED}_is1) (Version: 5.0.6 - Ashampoo GmbH & Co. KG)
Aslain's WoT Modpack version 1.18.1.1.05 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.18.1.1.05 - Aslain)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 22.3.12193.8260 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 22.3.2812.10926 - Avast Software)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.21.6744.5326 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 107.1.45.116 - Brave Software Inc)
calibre 64bit (HKLM\...\{7FAA3B03-C3B1-4AF6-A543-7853C61FC971}) (Version: 5.42.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.60.1.15 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TR4700 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TR4700_series) (Version: 1.01 - Canon Inc.)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
EZCast Lite (HKLM-x32\...\{64F1DC10-EEB2-47E4-A86E-F5E3E3A56BE8}) (Version: 1.3.1.193 - Actions-Micro)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.2.1- - Inkscape)
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.24 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.5 - Notepad++ Team)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PingPlotter 5 (HKLM-x32\...\{2744D183-39DE-4473-A4FD-B6D0961D0A12}) (Version: 5.23.3.8770 - Pingman Tools, LLC) Hidden
PingPlotter 5 (HKLM-x32\...\PingPlotter 5 5.23.3.8770) (Version: 5.23.3.8770 - Pingman Tools, LLC)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.3.3 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 22.4.1.367 - Wargaming.net)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.20120228 - Xilisoft)
Zoom (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\ZoomUMX) (Version: 5.10.7 (6120) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-05-03] (Adobe Systems Incorporated)
Adobe Acrobat DC -> C:\Program Files\Adobe\Acrobat DC [2022-10-28] (0)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-05-03] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4m [2022-04-12] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.40.5.0_x64__6rarf9sa4v8jt [2022-10-29] (Disney)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.7.0_x64__t5j2fzbtdg37r [2022-09-29] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_139.2.289.0_x64__v10z8vjag6ke6 [2022-09-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-19] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy [2022-10-29] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-10-29] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0 [2022-10-29] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-03-26] (0)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C4C0C3ED23F7} -> [Creative Cloud Files] => C:\Users\moond\Creative Cloud Files [2022-05-03 11:23]
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-09-02] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\nvshext.dll [2022-07-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=11001&utm_medium=desktop&x-pos=Metro
 
==================== Loaded Modules (Whitelisted) =============
 
2021-12-23 14:24 - 2019-10-11 16:45 - 000353280 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-12-23 14:24 - 2019-11-01 10:16 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-12-23 14:24 - 2019-12-05 17:17 - 000008704 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2021-12-23 14:24 - 2019-12-05 17:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\moond\Desktop\Trudee.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{289555F1-1744-439E-AF05-397755CBC8F2}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{65BB0D6B-A257-41CA-ACFB-9EA3E76641FF}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{B04B02CE-1A71-4E65-B235-3A8A1EA86730}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{571EA5ED-ED47-4D29-82EE-E1656A78DFE9}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{F53F8470-B1D4-423B-BC93-BCDDE61F106E}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{2A1114DF-CB04-4C04-BD05-D5FAEC3EBF7B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{D035915F-60A8-477A-A973-AED237FCA382}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
 
==================== Restore Points =========================
 
31-10-2022 11:58:02 AdwCleaner_BeforeCleaning_31/10/2022_11:58:02
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/30/2022 07:40:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe, PID: 4984, ProfSvc PID: 2124.
 
 
System errors:
=============
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast SecureLine VPN service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DtsApo4Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS System Diagnosis service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS Link Remote service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS System Analysis service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===============
Date: 2022-10-31 12:02:13
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2022-10-31 12:01:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 21%
Total physical RAM: 32175.23 MB
Available physical RAM: 25376.8 MB
Total Virtual: 37039.23 MB
Available Virtual: 28129.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.17 GB) (Free:671.98 GB) (Model: SPCC M.2 PCIe SSD) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) (Model: ST1000LM035-1RK172) NTFS
Drive g: (Little Bits) (Fixed) (Total:931.51 GB) (Free:501.29 GB) (Model: ST1000LM 035-1RK172 USB Device) NTFS
 
\\?\Volume{c95b2622-04d3-4d17-86bc-c7ab187f9143}\ () (Fixed) (Total:0.58 GB) (Free:0.07 GB) NTFS
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: FA1B96AD)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 


#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Can you please remove the process here (Steps 1 and 2)?

 

http://www.geekstogo...d/#entry2666355



#9
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-01-2022
# Duration: 00:00:10
# OS:       Windows 11 (Build 22000.1098)
# Scanned:  32103
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner[S00].txt - [1559 octets] - [31/10/2022 05:49:01]
AdwCleaner[S01].txt - [1634 octets] - [31/10/2022 11:56:46]
AdwCleaner[C01].txt - [1815 octets] - [31/10/2022 11:58:10]
AdwCleaner[S02].txt - [1603 octets] - [01/11/2022 11:46:36]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/1/22
Scan Time: 5:20 PM
Log File: 14203c5c-5a2b-11ed-9224-d8c0a623d848.json
 
-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61776
License: Trial
 
-System Information-
OS: Windows 11 (Build 22000.1098)
CPU: x64
File System: NTFS
User: PapasAsus\moond
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 312392
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 12 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
Ran by moond (administrator) on PAPASASUS (ASUSTeK COMPUTER INC. ASUS TUF Gaming A17 FA706IH_TUF706IH) (01-11-2022 17:29:17)
Running from C:\Users\moond\Desktop\Virus Checking and Repair
Loaded Profiles: moond
Platform: Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ACCIMonitor.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOSD.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <4>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\cef_browser_process.exe
(C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WargamingErrorMonitor.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.715.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe <12>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <4>
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <27>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\atiesrxx.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe <2>
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.715.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks_NA\win64\WorldOfTanks.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212184 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4126616 2022-11-01] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4573048 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6957520 2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [850208 2022-05-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\Installer\setup.exe [3361688 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148528 2022-10-12] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Discord] => C:\Users\moond\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Run: [MicrosoftEdgeAutoLaunch_F772645FA73EE81AB012C53C5294BF88] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TR4700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHL.DLL [543744 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-04-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor TR4700 series: C:\WINDOWS\system32\CNCALHL.DLL [266752 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TR4700 series: C:\WINDOWS\system32\CNMLMHL.DLL [989184 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP C211 Status Monitor: C:\WINDOWS\system32\hpinkstsC211LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 2540 series): C:\WINDOWS\system32\HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.87\Installer\chrmstp.exe [2022-11-01] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.116\Installer\chrmstp.exe [2022-10-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0610B03E-8B5C-4BFC-9CC4-414911CF7FFF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {136275DC-0C78-40D3-9F0B-E89147ECF19C} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-10-31] (Avast Software s.r.o. -> Avast Software)
Task: {281CE78A-D24C-4FD8-A9B1-89A92694B01F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2B627E2B-E5B1-40C7-80FC-536C2F83C2F1} - System32\Tasks\EZCastLiteSchedule => C:\Program Files (x86)\EZCast Lite\EZCast Lite.exe [7510080 2021-07-19] (Actions Microelectronics Co., Ltd. -> Actions-Micro)
Task: {3051A071-F54B-4699-B7C8-531CCCC50C47} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-10-17] (Avast Software s.r.o. -> Avast Software)
Task: {49E18F10-DEDC-44AF-9FCE-9B2038544374} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4690136 2022-10-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 552f9dc5-94ed-4d5e-b7b2-b93824f85ef3
Task: {572292CC-69ED-4020-A3B4-ADDDF757543E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {58AFADEC-8880-48FE-9D02-C438F829EDE3} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4738936 2022-10-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 22df31ab-a58d-4fd4-b7d6-425383365b36
Task: {5CB86629-F44D-482B-B472-9C223FED4821} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-09-29] (Avast Software s.r.o. -> Avast Software)
Task: {612BA602-6D05-4D29-8E84-8E75FB8AEE13} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7634c653537a72fc\RtkAudUService64.exe [1257832 2021-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6C1D5EF9-B9D8-4C56-B8BF-75281C4E92E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {75FD80C8-8F07-45B7-A599-DD65719D5DF4} - System32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {79DC8831-5F63-43B3-8C6A-F047EB383E56} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4738968 2022-11-01] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 6eefc755-099d-4c91-835b-2025da40e7f6
Task: {7C95D745-B6E4-428A-A33A-68382EFF1395} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9497BCC4-4AD9-4C8D-945D-46C8E206A087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9520D177-3203-43DC-8D0A-30F8ABE2DCE7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {991F9051-A545-4BAE-89CA-CADE87109017} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusUpdateChecker.exe [788104 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {A0AD632A-6516-4157-A914-218093A47A16} - System32\Tasks\EZCastLiteRestartSchedule => C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
Task: {A58B0594-DE85-48CB-892C-1C4695CD1F57} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A617CD82-80BF-44BA-B288-95EC1A9E1AC7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {AE7F71B1-E947-4BBA-A85E-3B789DB1C73E} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1878CD6-9F02-4923-B022-2894D26D5018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {B6570F7E-D8F3-4749-9132-677A623C7A14} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusHotkey.exe [262768 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {C1ACC763-D7C2-4772-A331-D841049599C3} - System32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-09-18] (Google LLC -> Google LLC)
Task: {C3F28CE5-D114-4EB6-A86D-5DAC77B63ED6} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CE918670-87E1-46DD-A558-F311AD98D62C} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1213144 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {D41DC0E0-9A88-445B-9505-AEA1EAA0132B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D5AC0049-CBDB-42A7-94E2-5A8AB41BC0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E63DDCD2-C243-420D-90FF-84F183FA5C78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF51EAA1-D373-4B35-9299-AD3165607DFD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4936920 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
Task: {F6B05367-8DA6-476B-8116-0F0102EF14AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA5CE3D5-2CC5-417F-BF4B-C352928CA15F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FA8D69C7-2FD2-4530-BC17-4169781B22A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{34cffc01-6eb7-4453-b095-06476a6f1e47}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{60a98253-bdd0-4097-a412-ca32dc4c5f9b}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{a922eb1e-d865-4821-8d4b-22e060248836}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\moond\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-01]
Edge Notifications: Default -> hxxps://forsts.click
 
FireFox:
========
FF DefaultProfile: 5r1le8jy.default
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\5r1le8jy.default [2022-10-30]
FF ProfilePath: C:\Users\moond\AppData\Roaming\Mozilla\Firefox\Profiles\ha90f5gz.default-release [2022-10-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-05-03] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default [2022-10-30]
CHR HomePage: Default -> hxxp://home.myhughesnet.com/
CHR StartupUrls: Default -> "hxxp://myhughesnet.hughesnet.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.militaryzone.info/forum/index.php","hxxp://ebooks-shares.org/account-login.php?returnto=%2F","hxxps://www.willsub.com/index.asp?fuseaction=WillsubError.SessionTimeOut","hxxps://login.frontlineeducation.com/login?signin=6cd246aa1e5290bfed2e8d6dd28f886d&productId=ABSMGMT&clientId=ABSMGMT#/login","hxxps://rarbg.to/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Safe Torrent Scanner) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-09-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-09-18]
CHR Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2022-09-18]
CHR Extension: (Readium) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2022-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-18]
CHR Extension: (Michigan Wolverines Small) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjbpcfmjfmecnhojjemfbngbcoejccl [2022-09-18]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-18]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-11-01]
BRA Notifications: Default -> hxxps://services.hughesnet.com; hxxps://www.elcorreo.com
BRA NewTab: Default ->  Not-active:"chrome-extension://dchlgjjknnfihkdbkknkhdkneiajdboe/newtab/index.html"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> is enabled.
BRA Extension: (Google Translate) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
BRA Extension: (Sci-Fi Art New Tab) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchlgjjknnfihkdbkknkhdkneiajdboe [2021-09-10]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-10-19]
BRA Extension: (Avast Passwords) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2021-01-20]
BRA Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-10-30]
BRA Profile: C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2022-10-30]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-10-31]
BRA Extension: (Brave NTP background images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-12]
BRA Extension: (Wallet Data Files Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-09-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-11-01]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\moond\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [919328 2022-05-03] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [1181296 2022-08-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\AsusAppService\AsusAppService.exe [901240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe [1179728 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemote.exe [764560 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusOptimization.exe [381536 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSoftwareManager\AsusSoftwareManager.exe [1082992 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitch.exe [633968 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606640 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [790128 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8539152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [592600 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-01-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15471512 2022-11-01] (Avast Software s.r.o. -> AVAST Software)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7702904 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [223352 2021-11-15] (DTS, Inc. -> DTS Inc.)
S4 EZCastLiteService; C:\Program Files (x86)\EZCast Lite\EZCastLiteService.exe [464384 2021-07-19] () [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9332952 2022-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2599312 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0374997.inf_amd64_db9f85480b2603ac\B374840\amdkmdag.sys [81589608 2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSystemAnalysis\AsusSAIO.sys [46704 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238152 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [390096 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [306128 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48512 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276520 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [564304 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114464 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90008 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862936 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [672272 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221944 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-11-01] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327896 2022-10-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-09] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2021-11-01] (Avast Software s.r.o. -> WireGuard LLC)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSOptimization\AsusWmiAcpi.sys [45240 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 extensionDriverBus; C:\WINDOWS\System32\drivers\extensionDriverBus.sys [71648 2021-07-19] (WDKTestCert DELL,131620322850133711 -> Actions Microelectronics Co., Ltd.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [33424 2021-07-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [49560 2021-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [421112 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [73960 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-31 12:00 - 2022-10-31 12:00 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-10-31 12:00 - 2022-10-31 12:00 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-10-31 12:00 - 2022-10-31 12:00 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-10-31 06:01 - 2022-11-01 17:23 - 000000000 ____D C:\Users\moond\AppData\LocalLow\IGDump
2022-10-31 06:01 - 2022-10-31 06:01 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-10-31 06:01 - 2022-10-31 06:01 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-31 06:01 - 2022-10-31 06:01 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-31 06:01 - 2022-10-31 06:00 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-10-31 05:59 - 2022-10-31 05:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-31 05:58 - 2022-10-31 05:59 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-31 05:47 - 2022-10-31 11:58 - 000000000 ____D C:\AdwCleaner
2022-10-31 05:45 - 2022-10-31 12:12 - 000000000 ____D C:\Users\moond\Desktop\Virus Checking and Repair
2022-10-30 07:38 - 2022-10-30 07:38 - 005219760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-29 07:30 - 2022-11-01 17:29 - 000000000 ____D C:\FRST
2022-10-29 07:30 - 2022-10-29 07:30 - 000000000 ____D C:\Users\moond\Desktop\FRST-OlderVersion
2022-10-28 23:16 - 2022-10-28 23:16 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-28 11:22 - 2022-10-28 11:22 - 000047318 _____ C:\Users\moond\Desktop\Bear.svg
2022-10-26 06:39 - 2022-10-26 06:41 - 000000000 ____D C:\Users\moond\AppData\Local\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter 5
2022-10-26 06:39 - 2022-10-26 06:39 - 000000000 ____D C:\Program Files (x86)\PingPlotter 5
2022-10-26 06:38 - 2022-10-26 06:38 - 000000000 ____D C:\Users\moond\AppData\Roaming\Downloaded Installations
2022-10-24 17:53 - 2022-10-24 19:40 - 088309491 _____ (Aslain ) C:\Users\moond\Downloads\Aslains_WoT_Modpack_Installer_v.1.18.1.1_05.exe
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H C:\Program Files (x86)\shj1nedza4.dat
2022-10-22 09:26 - 2022-10-22 09:26 - 000347806 _____ C:\Users\moond\Downloads\Wargaming.net Premium Shop.html
2022-10-22 09:26 - 2022-10-22 09:26 - 000000000 ____D C:\Users\moond\Downloads\Wargaming.net Premium Shop_files
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ C:\Users\moond\AppData\Local\recently-used.xbel
2022-10-18 20:21 - 2022-10-18 20:21 - 000000000 ____D C:\Users\moond\AppData\Local\gtk-3.0
2022-10-18 17:46 - 2022-10-18 17:46 - 000343538 _____ C:\Users\moond\Desktop\do it best work.psd
2022-10-18 15:36 - 2022-10-18 15:36 - 000270552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-10-18 15:36 - 2022-10-18 15:36 - 000221944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-10-17 10:44 - 2022-10-18 21:04 - 000000000 ____D C:\Users\moond\.dbus-keyrings
2022-10-17 10:44 - 2022-10-18 20:50 - 000000000 ____D C:\Users\moond\AppData\Roaming\inkscape
2022-10-17 10:44 - 2022-10-17 10:44 - 000000000 ____D C:\Users\moond\AppData\Local\fontconfig
2022-10-17 10:32 - 2022-10-17 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape
2022-10-17 10:31 - 2022-10-17 10:32 - 000000000 ____D C:\Program Files\Inkscape
2022-10-16 08:55 - 2022-10-16 08:55 - 001188883 _____ C:\Users\moond\Desktop\Bear.ai
2022-10-15 20:32 - 2022-10-16 20:55 - 002085748 _____ C:\Users\moond\Desktop\Monthly Report Sheet.psd
2022-10-13 10:30 - 2022-10-13 10:30 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-10-13 09:35 - 2022-10-13 09:35 - 000550216 _____ C:\Users\moond\Desktop\football helmet template.psd
2022-10-12 15:25 - 2022-10-12 15:25 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 15:25 - 2022-10-12 15:25 - 000015501 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 15:24 - 2022-10-12 15:24 - 000000000 ___HD C:\$WinREAgent
2022-10-12 13:48 - 2022-10-25 07:15 - 000000901 _____ C:\Users\moond\Desktop\Aslains WoT Logs Archiver.lnk
2022-10-12 12:23 - 2022-10-12 12:23 - 000001657 _____ C:\Users\moond\Desktop\World of Tanks NA.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2022-10-12 07:30 - 2022-10-28 23:16 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-10 13:15 - 2022-10-10 13:17 - 000000000 ____D C:\Users\moond\Desktop\WG Check
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\Stevie Collier part collection [epub mobi txt]
2022-10-07 14:51 - 2022-10-07 14:51 - 000000000 ____D C:\Users\moond\Downloads\John Steakley - Armor
2022-10-07 14:41 - 2022-10-28 11:28 - 000000000 ____D C:\Users\moond\Downloads\Aaron Hodges [epub mobi txt]
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\The.Greatest.Beer.Run.Ever.2022.WEBRip.x264-ION10
2022-10-07 14:41 - 2022-10-07 14:41 - 000000000 ____D C:\Users\moond\Downloads\John Walker 001 [epub mobi txt]
2022-10-07 14:40 - 2022-10-07 14:40 - 000000000 ____D C:\Users\moond\Downloads\The.Man.Who.Would.Be.King.1975.720p.BluRay.H264.AAC-RARBG
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-11-01 17:28 - 2021-01-20 10:26 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-01 16:37 - 2021-12-18 06:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-01 16:08 - 2021-12-18 06:39 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F72DE0B7-2B4B-4E73-8B7D-3F2978127DCD}
2022-11-01 15:21 - 2021-04-20 18:43 - 000000132 _____ C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2022-11-01 15:21 - 2021-04-20 16:34 - 000000000 ____D C:\Users\moond\Desktop\cup work
2022-11-01 13:30 - 2022-09-18 08:23 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-01 12:25 - 2021-01-20 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-01 11:32 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-01 06:51 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-01 06:51 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\D3DSCache
2022-11-01 06:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-01 03:44 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-01 00:54 - 2021-12-18 06:39 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2022-10-31 12:07 - 2021-12-18 06:45 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-31 12:07 - 2021-07-27 11:29 - 000000000 ____D C:\Users\moond\Desktop\mods for wot
2022-10-31 12:07 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-10-31 12:05 - 2021-12-18 06:39 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-31 12:00 - 2022-04-18 20:56 - 000000000 ____D C:\Users\moond\AppData\Local\Discord
2022-10-31 12:00 - 2021-12-18 06:39 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-10-31 12:00 - 2021-12-18 06:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-31 12:00 - 2021-03-09 11:45 - 000000000 ____D C:\Users\moond\AppData\Roaming\discord
2022-10-31 12:00 - 2021-01-20 11:26 - 000000000 ____D C:\ProgramData\Avast Software
2022-10-31 12:00 - 2021-01-19 17:42 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
2022-10-31 12:00 - 2020-09-27 10:50 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-31 11:59 - 2021-06-05 08:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-10-31 11:58 - 2021-09-20 10:18 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-10-31 06:40 - 2021-05-17 06:37 - 000000000 ___RD C:\Users\moond\Desktop\books for checking
2022-10-31 06:27 - 2021-12-18 06:39 - 000002808 _____ C:\WINDOWS\system32\Tasks\[email protected]
2022-10-31 06:01 - 2021-06-05 08:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-31 05:44 - 2020-09-27 10:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-31 05:43 - 2021-12-18 06:39 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-10-30 07:32 - 2021-06-05 08:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-29 15:58 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\Calibre Library
2022-10-29 15:57 - 2021-01-20 23:30 - 000000000 ____D C:\Users\moond\AppData\Roaming\calibre
2022-10-29 15:53 - 2021-12-18 06:27 - 000000000 ____D C:\Users\moond
2022-10-29 04:11 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-28 18:41 - 2021-12-22 15:33 - 000000000 ____D C:\Users\moond\Desktop\downloaded things I keep
2022-10-28 11:53 - 2021-01-20 10:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-10-27 17:59 - 2021-01-20 11:04 - 000000000 ____D C:\Users\moond\AppData\Roaming\TS3Client
2022-10-26 19:55 - 2021-12-18 06:39 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2022-10-26 19:55 - 2021-12-18 06:39 - 000003756 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2022-10-26 17:16 - 2021-01-20 12:28 - 000000000 ____D C:\Users\moond\AppData\Roaming\vlc
2022-10-26 12:45 - 2021-12-18 06:39 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 12:45 - 2021-08-08 22:00 - 000002379 _____ C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-26 09:49 - 2022-09-18 08:23 - 000003424 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{D4557FAF-5905-4BF8-B1EC-1B1F7F78F0FC}
2022-10-26 09:49 - 2022-09-18 08:23 - 000003200 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{F46C9215-7F89-4CDF-AA01-E76EADE99F45}
2022-10-26 09:49 - 2022-03-26 10:24 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2022-03-26 10:23 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-26 09:49 - 2021-12-18 06:39 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-26 09:49 - 2021-12-18 06:39 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-26 09:49 - 2021-12-18 06:39 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1336835431-166869274-4150396170-1001
2022-10-26 09:49 - 2021-12-18 06:39 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1336835431-166869274-4150396170-500
2022-10-26 09:49 - 2021-12-18 06:39 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-10-26 09:49 - 2021-12-18 06:39 - 000002452 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2022-10-26 09:49 - 2021-12-18 06:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-22 07:08 - 2022-04-18 20:56 - 000002227 _____ C:\Users\moond\Desktop\Discord.lnk
2022-10-21 11:07 - 2022-02-19 19:17 - 000000000 ____D C:\Users\moond\Desktop\movies to watch
2022-10-20 21:43 - 2022-09-19 20:13 - 000000000 ____D C:\WINDOWS\Minidump
2022-10-20 21:43 - 2021-01-21 18:01 - 000000000 ____D C:\Users\moond\AppData\Local\CrashDumps
2022-10-20 11:05 - 2021-04-19 21:32 - 000001456 _____ C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-10-20 07:26 - 2021-06-23 12:30 - 000000000 ____D C:\Users\moond\Desktop\memes
2022-10-20 07:02 - 2021-01-19 17:43 - 000000000 ____D C:\Users\moond\AppData\Local\Packages
2022-10-19 14:21 - 2021-12-23 14:16 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-10-18 20:48 - 2022-09-22 06:42 - 000000000 ____D C:\Users\moond\Desktop\CDC Babysitting Stuff
2022-10-18 15:36 - 2021-01-20 11:28 - 000862936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000672272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000564304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000390096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000327896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000306128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000276520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000238152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000114464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000105936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000090008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000048512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-10-18 15:36 - 2021-01-20 11:28 - 000042304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-10-17 10:25 - 2021-04-19 07:26 - 000000000 ____D C:\Users\moond\AppData\Local\Adobe
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 18:20 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 15:25 - 2021-12-18 06:26 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 13:58 - 2021-01-23 08:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 13:56 - 2021-01-23 08:22 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 13:47 - 2021-01-19 17:54 - 000000000 ____D C:\Games
2022-10-12 12:23 - 2021-01-19 17:54 - 000000000 ____D C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
 
==================== Files in the root of some directories ========
 
2022-10-24 12:49 - 2022-10-24 12:49 - 000000048 ____H () C:\Program Files (x86)\shj1nedza4.dat
2022-05-03 09:51 - 2022-08-22 10:15 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe BMP Format CS6 Prefs
2021-04-20 18:43 - 2022-11-01 15:21 - 000000132 _____ () C:\Users\moond\AppData\Roaming\Adobe PNG Format CS6 Prefs
2021-01-21 17:35 - 2021-08-02 16:36 - 000099384 _____ () C:\Users\moond\AppData\Roaming\inst.exe
2021-01-21 17:35 - 2021-08-02 16:36 - 000007859 _____ () C:\Users\moond\AppData\Roaming\pcouffin.cat
2021-01-21 17:35 - 2021-08-02 16:36 - 000001167 _____ () C:\Users\moond\AppData\Roaming\pcouffin.inf
2021-01-21 17:35 - 2021-08-02 16:36 - 000000055 _____ () C:\Users\moond\AppData\Roaming\pcouffin.log
2021-01-21 17:35 - 2021-08-02 16:36 - 000082816 _____ (VSO Software) C:\Users\moond\AppData\Roaming\pcouffin.sys
2021-04-19 21:32 - 2022-10-20 11:05 - 000001456 _____ () C:\Users\moond\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-05-03 11:49 - 2022-05-03 11:49 - 000000000 _____ () C:\Users\moond\AppData\Local\oobelibMkey.log
2022-10-18 21:05 - 2022-10-18 21:05 - 000007858 _____ () C:\Users\moond\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2022 02
Ran by moond (01-11-2022 17:30:03)
Running from C:\Users\moond\Desktop\Virus Checking and Repair
Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) (2021-12-18 10:39:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.7.1.1 - Adobe Inc.)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Ashampoo Music Studio 5 v.5.0.6 (HKLM-x32\...\{91B33C97-5BBE-576E-893B-711D4D8298ED}_is1) (Version: 5.0.6 - Ashampoo GmbH & Co. KG)
Aslain's WoT Modpack version 1.18.1.1.05 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.18.1.1.05 - Aslain)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 22.3.12404.8972 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 22.3.2812.10926 - Avast Software)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.21.6744.5326 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 107.1.45.116 - Brave Software Inc)
calibre 64bit (HKLM\...\{7FAA3B03-C3B1-4AF6-A543-7853C61FC971}) (Version: 5.42.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.60.1.15 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TR4700 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TR4700_series) (Version: 1.01 - Canon Inc.)
Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
EZCast Lite (HKLM-x32\...\{64F1DC10-EEB2-47E4-A86E-F5E3E3A56BE8}) (Version: 1.3.1.193 - Actions-Micro)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.87 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.2.1- - Inkscape)
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.5 - Notepad++ Team)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PingPlotter 5 (HKLM-x32\...\{2744D183-39DE-4473-A4FD-B6D0961D0A12}) (Version: 5.23.3.8770 - Pingman Tools, LLC) Hidden
PingPlotter 5 (HKLM-x32\...\PingPlotter 5 5.23.3.8770) (Version: 5.23.3.8770 - Pingman Tools, LLC)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.3.3 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 22.4.1.367 - Wargaming.net)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.20120228 - Xilisoft)
Zoom (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\ZoomUMX) (Version: 5.10.7 (6120) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-05-03] (Adobe Systems Incorporated)
Adobe Acrobat DC -> C:\Program Files\Adobe\Acrobat DC [2022-10-28] (0)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-05-03] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4m [2022-04-12] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.40.5.0_x64__6rarf9sa4v8jt [2022-10-29] (Disney)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.7.0_x64__t5j2fzbtdg37r [2022-09-29] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_139.2.289.0_x64__v10z8vjag6ke6 [2022-09-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-19] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.8.0_x64__qmba6cd70vzyy [2022-10-29] (ASUSTeK COMPUTER INC.)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-10-29] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0 [2022-10-29] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-03-26] (0)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C4C0C3ED23F7} -> [Creative Cloud Files] => C:\Users\moond\Creative Cloud Files [2022-05-03 11:23]
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1336835431-166869274-4150396170-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-09-02] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-12-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvamsig.inf_amd64_6d39aa2e4cd594f0\nvshext.dll [2022-07-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-04-27] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-31] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\moond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=11001&utm_medium=desktop&x-pos=Metro
 
==================== Loaded Modules (Whitelisted) =============
 
2022-10-25 07:38 - 2022-10-31 13:42 - 000211456 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.crashfix\x86_64\xfw_crashfix.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000233984 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.filewatcher\x86_64\xfw_filewatcher.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000251392 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.fonts\x86_64\xfw_fonts.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000207360 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.hidpi\x86_64\xfw_hidpi.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000207360 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.multilaunch\x86_64\xfw_multilaunch.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000133120 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.native.hooks\x86_64\xfw_native_hooks.dll
2022-10-25 07:38 - 2022-10-31 13:42 - 000212992 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.native\x86_64\xfw_native.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000207872 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.ping\x86_64\xfw_ping.pyd
2022-10-25 07:38 - 2022-10-31 13:42 - 000329216 _____ () [File not signed] C:\Games\World_of_Tanks_NA\mods\temp\com.modxvm.xfw.wwise\x86_64\xfw_wwise.pyd
2012-03-09 16:26 - 2012-03-09 16:26 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
2012-03-15 02:11 - 2013-01-02 23:39 - 002249352 _____ (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll
2012-03-15 02:40 - 2012-03-15 02:40 - 000041984 _____ (Adobe Systems, Incorporated) [File not signed] [File is in use] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\FastCore.8BX
2012-03-15 02:41 - 2012-03-15 02:41 - 000284672 _____ (Adobe Systems, Incorporated) [File not signed] [File is in use] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MMXCore.8BX
2012-03-15 02:32 - 2012-03-15 02:32 - 000596480 _____ (Adobe Systems, Incorporated) [File not signed] [File is in use] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MultiProcessor Support.8BX
2021-12-23 14:24 - 2019-10-11 16:45 - 000353280 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-12-23 14:24 - 2019-11-01 10:16 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-12-23 14:24 - 2019-12-05 17:17 - 000008704 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2021-12-23 14:24 - 2019-12-05 17:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2012-03-15 02:06 - 2012-03-15 02:06 - 002923008 _____ (Intel Corporation) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\libmmd.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 000249344 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\libcurl.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\LIBEAY32.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\moond\Desktop\Trudee.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{289555F1-1744-439E-AF05-397755CBC8F2}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{65BB0D6B-A257-41CA-ACFB-9EA3E76641FF}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{B04B02CE-1A71-4E65-B235-3A8A1EA86730}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{571EA5ED-ED47-4D29-82EE-E1656A78DFE9}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{F53F8470-B1D4-423B-BC93-BCDDE61F106E}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{2A1114DF-CB04-4C04-BD05-D5FAEC3EBF7B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{D035915F-60A8-477A-A973-AED237FCA382}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_60af290ae625a8bf\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [TCP Query User{3CB0E6F2-3AD9-4939-9019-47B8A90E45D6}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [UDP Query User{54646FAD-200D-47DD-8698-5744CD6A6EB6}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{AB0106B3-53CD-4942-B368-5FB7128D83BE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{068150F1-9634-421F-ABD5-2ADF9323F533}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.907.1654.6357_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CED4B7D-92CF-4CB4-B8E9-89ACC9547805}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.907.1654.6357_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F8C659B-3246-4E25-AC6D-2029C24E80E9}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5BCD4221-D9AC-46D5-B52F-A4E507CB4EE1}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{47D82CA3-DE5C-4ED4-986A-CF797BF0AF87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
31-10-2022 11:58:02 AdwCleaner_BeforeCleaning_31/10/2022_11:58:02
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 11:59:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/30/2022 07:40:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe, PID: 4984, ProfSvc PID: 2124.
 
 
System errors:
=============
Error: (11/01/2022 11:43:24 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast SecureLine VPN service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DtsApo4Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS System Diagnosis service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/31/2022 11:58:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASUS Link Remote service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===============
Date: 2022-11-01 17:11:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2022-11-01 06:00:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 46%
Total physical RAM: 32175.23 MB
Available physical RAM: 17188.84 MB
Total Virtual: 37039.23 MB
Available Virtual: 18369.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.17 GB) (Free:669.22 GB) (Model: SPCC M.2 PCIe SSD) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) (Model: ST1000LM035-1RK172) NTFS
 
\\?\Volume{c95b2622-04d3-4d17-86bc-c7ab187f9143}\ () (Fixed) (Total:0.58 GB) (Free:0.07 GB) NTFS
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#10
DR M


    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Another fix, and ... please, be careful!  :whistling:

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://forsts.click
C:\Program Files (x86)\shj1nedza4.dat
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. Feedback: How is the computer running now? Any remaining issue/question/concern?

  • 0



#11
moondog830


    Member

  • Topic Starter
  • Member
  • 804 posts

The computer is now running great. Everything seems to be running smoother and quicker. Thanks so much!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-10-2022 02
Ran by moond (02-11-2022 12:56:42) Run:2
Running from C:\Users\moond\Desktop\Virus Checking and Repair
Loaded Profiles: moond
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://forsts.click
C:\Program Files (x86)\shj1nedza4.dat
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"Edge Notifications" => removed successfully
C:\Program Files (x86)\shj1nedza4.dat => moved successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27585485 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 24020718 B
Windows/system/drivers => 197780 B
Edge => 0 B
Chrome => 0 B
Brave => 538265265 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15786 B
NetworkService => 15786 B
moond => -9085613 B
 
RecycleBin => 8654848 B
EmptyTemp: => 572.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:57:45 ====

  • 0

#12
DR M


    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Great!
 
Let's move the tools we used and create a new restore point.

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#13
moondog830


    Member

  • Topic Starter
  • Member
  • 804 posts
# Run at 11/3/2022 5:46:59 AM
# KpRm (Kernel-panik) version 2.9.3
# Run by moond from C:\Users\moond\Desktop
# Computer Name: PAPASASUS
# OS: Windows 10 X64 (22000) 
# Number of passes: 2
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\moond\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2022-11-03-05-46-59
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\adwcleaner(1).exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## FRST
     [OK] C:\Users\moond\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\Addition.txt deleted
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\Fixlog.txt deleted
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\FRST-OlderVersion deleted
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\FRST.txt deleted
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\FRST64.exe deleted
     [OK] C:\FRST deleted
 
  ## Malwarebytes (log)
     [OK] C:\Users\moond\Desktop\Virus Checking and Repair\Malwarebytes report.txt deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named AdwCleaner_BeforeCleaning_31/10/2022_11:58:02 created at 10/31/2022 15:58:02 deleted
   ~ [OK] RP named Avast Driver Updater - Update 3.4.2785.9920 created at 11/02/2022 00:55:37 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 11/02/2022 16:56:44 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 11/03/2022 09:47:14
 
-- KPRM finished in 23.48s --

  • 0

#14
DR M


    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Great, Mark!
 
I think now you need to read my final tips once more. Perhaps you should make a summary for your son too.   :)

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have Avast. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.


  • 0

#15
moondog830


    Member

  • Topic Starter
  • Member
  • 804 posts

thanks for all your help ... as usual you folks rock!


  • 1





