Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by moond (23-07-2021 08:00:27)
Running from C:\Users\moond\Desktop\Virus Checking
Windows 10 Home Version 20H2 19042.1110 (X64) (2020-09-27 14:02:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1336835431-166869274-4150396170-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1336835431-166869274-4150396170-503 - Limited - Disabled)
Guest (S-1-5-21-1336835431-166869274-4150396170-501 - Limited - Disabled)
moond (S-1-5-21-1336835431-166869274-4150396170-1001 - Administrator - Enabled) => C:\Users\moond
WDAGUtilityAccount (S-1-5-21-1336835431-166869274-4150396170-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
AOMEI Partition Assistant 9.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI International Network Limited.)
Aslain's WoT Modpack version 1.13.0.1.00 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.13.0.1.00 - Aslain) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software) bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 91.1.26.77 - Brave Software Inc) calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal) Discord (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.71 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation) OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH) VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.39 - VSO Software) Wargaming.net Game Center (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\Wargaming.net Game Center) (Version: 21.4.0.5527 - Wargaming.net) WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) World of Tanks NA (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net) World_of_Warships (HKU\S-1-5-21-1336835431-166869274-4150396170-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net) Packages: ========= AMD Radeon™ Settings Lite -> C:\Program 
Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-01-19] (Advanced Micro Devices Inc.) DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.10.9.0_x64__t5j2fzbtdg37r [2021-07-01] (DTS, Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad] MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.16.0_x64__qmba6cd70vzyy [2021-07-14] (ASUSTeK COMPUTER INC.) NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2021-01-21] (Bruno Giordano) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj [2021-06-20] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-23] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. 
-> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-25] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2012-03-09 16:26 - 2012-03-09 16:26 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll 2012-03-15 02:11 - 2013-01-02 23:39 - 002249352 _____ (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll 2012-03-15 02:40 - 2012-03-15 02:40 - 000041984 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\FastCore.8BX 2012-03-15 02:41 - 2012-03-15 02:41 - 000284672 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MMXCore.8BX 2012-03-15 02:32 - 2012-03-15 02:32 - 000596480 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\Plug-Ins\Extensions\MultiProcessor Support.8BX 2021-06-20 07:51 - 2021-06-20 07:52 - 000187392 _____ (Fortemedia) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\FMAPOCTL.dll 2012-03-15 02:06 - 2012-03-15 02:06 - 002923008 _____ (Intel Corporation) [File not signed] C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\libmmd.dll 2021-01-19 17:42 - 2021-01-19 17:42 - 000023040 _____ (Synaptics Incorporated.) 
[File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.249.0_x64__dt26b99r8h8gj\SynAudSrvDll.dll 2012-03-09 16:26 - 2012-03-09 16:26 - 000249344 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\libcurl.dll 2012-03-09 16:26 - 2012-03-09 16:26 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\LIBEAY32.dll 2012-03-09 16:26 - 2012-03-09 16:26 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\SSLEAY32.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKU\S-1-5-21-1336835431-166869274-4150396170-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll 
[2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1336835431-166869274-4150396170-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{21991367-46A6-4996-AB19-A332DA8FF6F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{ECE68012-151A-4C66-BD1B-9BAA17D5FF04}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [TCP Query User{07A24EDE-913A-49E2-ADA8-905C2F840074}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File FirewallRules: [UDP Query User{207C7886-A052-47A1-B5FA-E21933F948D2}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File FirewallRules: [TCP Query User{D7CC9ADE-2176-4C8A-A415-033ED4D76A09}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{11D864D6-894E-441C-971C-5C8CF290199F}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{4BDADAE3-46A2-4717-BF20-EB5E416EA67E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> ) FirewallRules: [{E9E8FDE0-F76A-459A-855B-D089568A476A}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> ) FirewallRules: [{49CC1B4E-E589-4DAB-BC08-23259290767A}] => (Allow) LPort=7935 FirewallRules: [TCP Query User{9BDF0B1D-94E6-431B-97E0-3318C4D12F09}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File FirewallRules: [UDP Query User{E1C2A2DF-5A44-4890-BBA3-D77E49A2570D}C:\program 
files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File FirewallRules: [TCP Query User{4603173A-AC86-47AD-A700-35EC624C30B0}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{E9184F50-F763-444E-BC70-C3436CACDB4B}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{74D9A269-086E-4191-B6BA-CE1854D4A85B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D524098E-69E4-4FD8-9463-854CE9ACF8F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{21AF1AAA-6EAE-46D3-9144-18F0DADBFF73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A0D0E0AB-B2B0-4C02-8F3D-B6388A8AC7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A4EDD4B8-B8AF-44E9-9E30-FC58BA2F9118}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{3A40AA1A-9F21-436C-BF8F-AD67FC48032D}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) 
FirewallRules: [{EB93E258-67B2-465F-A9E2-8220B0C70D55}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) FirewallRules: [{5CB8B6CF-29BB-43BD-85A8-52E1FDF2C325}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) FirewallRules: [{21265F1A-27D1-425A-B404-0E95ABD11E4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{89BCFAE7-A2D7-4ABD-B82F-466D2E504B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B92F7B88-13AD-415B-BA9C-0A3B7E77E8D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{52DF629F-AE4F-4813-B1A6-3E378F7F7045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B7D967E2-AC99-4664-B5B5-58601360D422}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BACA22A7-DEB6-4CA9-835F-8262C1D316A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0997998C-890B-484E-BE50-52B4A5F70476}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{840ED4D8-85AE-4319-927C-A7FE9BCEA148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) 
==================== Restore Points ========================= 15-07-2021 15:49:51 Windows Modules Installer 17-07-2021 20:51:12 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (07/23/2021 07:20:48 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program soffice.bin version 4.0.9803.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 4fbc Start Time: 01d77efd573a5604 Termination Time: 16 Application Path: C:\Program Files (x86)\OpenOffice 4\program\soffice.bin Report Id: 0badca3b-1ef3-4553-b16d-44852cd0eab5 Faulting package full name: Faulting package-relative application ID: Hang type: Cross-process Error: (07/22/2021 08:20:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x2638 Faulting application start time: 0x01d77f587a99fe93 Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: 696ec5d5-4928-406e-b10c-b0a52356ed85 Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 08:15:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, 
time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x47cc Faulting application start time: 0x01d77f57c7c7e1b5 Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: 5da0d332-4622-44b0-baf6-9d01c830ee39 Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 08:10:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x5214 Faulting application start time: 0x01d77f5714f63960 Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: df8627ca-cd4b-4846-8964-3653f1d83458 Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 08:05:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x2110 Faulting application start time: 0x01d77f56621f712f Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: 
C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: a316c619-ea26-4af0-8ec8-203f6d31bd71 Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 08:00:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x3c8c Faulting application start time: 0x01d77f55af55721d Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: 6ae33a1c-7297-4fc3-be6f-ad85f89bf500 Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 07:55:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x5110 Faulting application start time: 0x01d77f54fc805943 Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: 9fddda42-e6e5-4db3-a15c-b1a69660803a Faulting package full name: Faulting package-relative application ID: Error: (07/22/2021 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application 
name: AsusSystemAnalysis.exe, version: 2.1.8.0, time stamp: 0x60d8a223 Faulting module name: AsusWinIo64.dll, version: 1.0.14.0, time stamp: 0x60d8a243 Exception code: 0xc0000005 Fault offset: 0x000000000000c243 Faulting process id: 0x306c Faulting application start time: 0x01d77f5449ae4198 Faulting application path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusSystemAnalysis.exe Faulting module path: C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSystemAnalysis\AsusWinIo64.dll Report Id: 33e3c23e-7b47-4d8f-8387-572e6be49c12 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (07/23/2021 07:56:10 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: A corruption was discovered in the file system structure on volume Z:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Error: (07/23/2021 07:56:10 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: Z:\Device\HarddiskVolume163 Error: (07/23/2021 07:56:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: A corruption was discovered in the file system structure on volume Z:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Error: (07/23/2021 07:29:23 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: A corruption was discovered in the file system structure on volume Z:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. 
Error: (07/23/2021 07:29:23 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: Z:\Device\HarddiskVolume143

Error: (07/23/2021 05:26:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-906HTT3)
Description: The server {D0582E3B-3126-4CAA-9155-AC37C912A489} did not register with DCOM within the required timeout.

Error: (07/23/2021 05:25:01 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Z:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (07/23/2021 05:25:01 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: Z:\Device\HarddiskVolume123

Windows Defender:
================
Date: 2021-01-19 17:39:11
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 17:32:18
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 17:09:40
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 18:45:56
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===============
Date: 2021-07-23 05:40:26
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-23 05:25:37
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. FA706IH.316 03/12/2021
Motherboard: ASUSTeK COMPUTER INC. FA706IH
Processor: AMD Ryzen 7 4800H with Radeon Graphics
Percentage of memory in use: 33%
Total physical RAM: 32175.24 MB
Available physical RAM: 21469.2 MB
Total Virtual: 37039.24 MB
Available Virtual: 22215.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.27 GB) (Free:749.89 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:733.35 GB) NTFS
Drive g: (HP P600) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive z: (Lennee) (Fixed) (Total:952.84 GB) (Free:937.94 GB) NTFS

\\?\Volume{b03fb79a-5a13-4c8e-9bf6-b5ad784a4ea1}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e9f0f7ff-9bc8-11eb-a249-d8c0a623d848}\ () (Fixed) (Total:0.93 GB) (Free:0.93 GB) FAT
\\?\Volume{c6c9306c-e9f4-4f2f-9892-c9f4cf92d8e0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04A1E3A2)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Size: 953.8 GB) (Disk ID: 701B06D1)
Partition: GPT.

==================== End of Addition.txt =======================