Windows update couldn't install

[JoeRain]

There are some "cracked" softwares on my PC. But they've been here long enough and throughout that time with AV always turned on, it never detected anything and Windows was able to update just normally.
Days before this update problem (which was almost a month ago by this time), I did hard-boot the PC a couple of times because i was panicking to see it froze (which i found out later was actually caused by its in the middle of updating).

 

[Gary R]

OK thanks for telling me that.

I don't suspect Malware was the cause of your problems, but the fact that you powered down during an update, is almost certainly the cause of why you can't update now.

Still waiting for feedback on my findings in your last log. Weekends tend to be slow in that regard, since helper's families generally tend to want their attention at this time.

Will get back to you once I have something more constructive to say.

 

[JoeRain]

Thanks, Gary. Enjoy your time with family and friends too.

 

[Gary R]

• Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
• Please copy this file to your desktop.
• Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
• Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
• The file will likely be too large to upload here so please upload to a file sharing service.
• Examples of services to upload to are WeTransfer and TransferKit and SendFileOnline

Please post me the link to the file


By the way, whereabouts in the world are you located ?

 

[JoeRain]

Hello, Gary. Here you go.
COMPONENTS.zip

I'm in Indonesia

 

[Gary R]

OK just wanted to know because you had an entry in your FRST.txt log for an ISP in Jakarta. If you'd been located somewhere else then that might have been suspicious, but for someone in Indonesia it's perfectly normal.

Looking at your Components Hive now, back as soon as I've finished analysing it.

 

[Gary R]

Nothing conclusive in your Components Hive, I expected to see corruptions in it that were connected to the failures seen earlier in your CbsPersist_20220624163658.log

So what I'd like to do now is to run a brief test, to test a theory.

This will not resolve your problem, but if it proves to be correct, then I think we may be able to progress things.

So first ....

WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.

• Download the attachment SFCFix.zip and save it on your desktop.
• Save any work you have open, and close all programs.
• Drag the SFCFix.zip file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt
• Open the file, then copy and paste its content in your next reply.

Next ....

Try to update your computer.

If it fails (as I expect it to) then please post me your latest .... C:\Windows\Logs\CBS\CBS.log

 

[JoeRain]

Hello, Gary. Sorry just got back here again, had a family trip last weekend and just arrived this afternoon in jakarta.


SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-07-04 20:09:45.450
Microsoft Windows 10 Build 19043 - amd64
Using .zip script file at C:\Users\asus\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1_none_6e229ee8c467f101\telnet.exe
Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\telnet.exe
Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\r\telnet.exe
Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\f\telnet.exe

Successfully copied file C:\Users\asus\AppData\Local\niemiro\Archive\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1_none_6e229ee8c467f101\telnet.exe to C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1_none_6e229ee8c467f101\telnet.exe.
Successfully copied file C:\Users\asus\AppData\Local\niemiro\Archive\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\telnet.exe to C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\telnet.exe.
Successfully copied file C:\Users\asus\AppData\Local\niemiro\Archive\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\r\telnet.exe to C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\r\telnet.exe.
Successfully copied file C:\Users\asus\AppData\Local\niemiro\Archive\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\f\telnet.exe to C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\f\telnet.exe.

Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1_none_6e229ee8c467f101\telnet.exe
Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1_none_6e229ee8c467f101\telnet.exe
Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\telnet.exe
Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\telnet.exe
Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\r\telnet.exe
Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\r\telnet.exe
Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\f\telnet.exe
Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_10.0.19041.1741_none_2cbfc6a2da659991\f\telnet.exe
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 18 datablocks.
Finish time: 2022-07-04 20:10:03.556
Script hash: BFgwFDsYZDSywtBT6S14ptqcY/xmETcBSS6me5zkVM4=
----------------------EOF-----------------------

I'll try the update and attach the CBS log

 

[Gary R]

No problem. Hope you enjoyed your trip.

 

[JoeRain]

Thanks, Gary. We had a great time.

Here's the CBS

CBS.zip

 

[Gary R]

Gad to hear it.

Looking over your logs now, let's hope they show me what I want to see.

Probably going to take a while. Back as soon as I've finished.

 

[Gary R]

Unfortunately I didn't see what I expected to see.

So .......

Download FRST64 to your Desktop.

• Double click Frst.exe to launch it.
• FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.

Next ...

• Download the attachment SFCFix.txt and also save it on your desktop.
• Save any work you have open, and close all programs.
• Drag the SFCFix.txt file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt
• Open the file, then copy and paste its content in your next reply.

 

[JoeRain]

Thanks, Gary.

Here are the logs.

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2022
Ran by asus (administrator) on LAPTOP-O9IIDCTE (ASUSTeK COMPUTER INC. TUF Gaming FX505DT_FX505DT) (06-07-2022 09:18:49)
Running from C:\Users\asus\Desktop
Loaded Profiles: asus
Platform: Microsoft Windows 10 Home Single Language Version 21H1 19043.1645 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusOSD.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\GlassWire\GWCtlSrv.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Users\asus\AppData\Roaming\Zoom\bin\Zoom.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\asus\AppData\Roaming\Zoom\bin\CptHost.exe
(C:\Users\asus\AppData\Roaming\Zoom\bin\Zoom.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\asus\AppData\Roaming\Zoom\bin\zWebview2Agent.exe
(C:\Users\asus\AppData\Roaming\Zoom\bin\zWebview2Agent.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.44\msedgewebview2.exe <6>
(DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\u0374485.inf_amd64_abfb7dc77f8ab6ca\B374507\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374485.inf_amd64_abfb7dc77f8ab6ca\B374507\atieclxx.exe
(explorer.exe ->) (ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ACMON.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(explorer.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\asus\AppData\Roaming\Zoom\bin\Zoom.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374485.inf_amd64_abfb7dc77f8ab6ca\B374507\atiesrxx.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
(services.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_531cf42fcad619f7\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (vivo Mobile Communication Co., Ltd -> TODO: <Company name>) C:\Program Files (x86)\EasyShare_ex\vivoesServiceWin7.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.22031.10091.0_x64__8wekyb3d8bbwe\Music.UI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9831896 2022-05-11] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\asus\AppData\Local\Microsoft\Teams\Update.exe [2492168 2022-05-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632072 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5881872 2022-05-31] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe [3426152 2022-04-21] (pCloud AG -> pCloud AG)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-30] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09EB5F01-6C6E-4674-8EDC-FEAE2F434697} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0A9ADBA9-45A8-49DF-8839-A4708C608A58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {10414F54-5B9B-4E0C-857F-0364AA99621D} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSoftwareManager\AsusUpdateChecker.exe [790768 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {1462239F-31A6-4AF3-BEAE-16A732CA82BF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {15674975-5919-45B0-B2C6-4AE0709C9B4A} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2021-10-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {1C1E1F60-CF0F-4CE0-8D51-14178594D88C} - System32\Tasks\RtkAudUService64_BG => C:\Windows\system32\RtkAudUService64.exe [862192 2019-02-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {29DA90B8-AF36-4532-98D9-6A5820F102EA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {30ECFBBF-C27D-4625-B2D7-E57C8328AF2A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214152 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {325F2B89-5AF0-4D7D-ABE3-975FDD86C682} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {348B1B35-FD5F-4481-AE67-93E3C5DA81FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304072 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {41275F06-D4A5-4C8E-8768-52649753B9F4} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2179960 2021-09-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {444E5BE1-166B-4B51-9542-B4636FED6BB5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {46B8194F-3EC5-417A-B1B3-22A5D64CD150} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DB82C05-8B0E-4E5C-8120-46161FBBAD56} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {577EE8CC-6261-44F8-9B0E-83FBB1D26DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-14] (Google LLC -> Google LLC)
Task: {5ACC8CA2-10EF-4D63-B981-6D6E9A488DF7} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [42144 2022-04-29] (HP Inc. -> HP Inc.)
Task: {727EDD41-B904-4527-B183-C9FBB0A9A258} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {794F3136-4EE5-489B-B05D-BE189256BC36} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [44588888 2021-08-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {7DD4847D-DB8F-438E-9836-746B283EE87A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80E9EDF4-E377-4CC7-92D0-A27783DB2800} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {84E492A6-6975-4FD8-90BE-BB2B44422975} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [42144 2022-04-29] (HP Inc. -> HP Inc.)
Task: {8B620F63-2CD8-4623-82B1-17EFFF7CF3EF} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2021-10-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A2355B96-A6F1-49C0-9D86-85F514C440FE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A52A6621-A872-486B-BDCB-B3E24245996D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-118308293-610972259-2242679070-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214152 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {A54DFF77-12A9-4DD2-8F1D-99C66E664CD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A59B6B95-4E54-42F1-AF71-8200D8378DF9} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusHotkey.exe [240304 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {AC9E2608-1E2B-45D8-9ACC-D6EB418D2A40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {ADC0F00D-91FC-45B9-95BA-433EFBC68608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-14] (Google LLC -> Google LLC)
Task: {B2493BE6-E4F8-4308-A5D8-F72C2AC0A8D8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB253548-1427-40C1-931E-82E2236DED5D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF1922B3-2CAE-4EBB-929A-058FE4C4CA94} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BF7AEEBF-BBAE-4C05-B9D7-A40BF7EE082D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D5DA5C19-B847-4D8D-A6FE-C4311E94A77F} - System32\Tasks\DSB Notification => C:\Program Files\ASUS\DSB Notification\DSBNotification.exe [782216 2019-01-28] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {DCEE7D3F-2527-402E-92D8-A7C629B1075E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304072 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C77EBD-8AAA-43E6-A672-23409D8D2F2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2716B82-B968-472F-81E6-33E5BBBE38D1} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E60812A2-6054-44B1-8282-C4F225ADF0D1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EAF842E5-C5A9-48F7-AB28-24663A00AC9D} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {EEEB09EB-83D9-4B54-A149-B007D4E71FFD} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [104600 2021-09-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {F04CD05A-68FE-440F-B539-0E6154F8F3B1} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3555560 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.18.1
Tcpip\..\Interfaces\{9770a4cb-3e71-4609-8f9c-bbffb1b8cdfe}: [DhcpNameServer] 114.129.23.33 114.129.22.33
Tcpip\..\Interfaces\{a225a796-3e5b-44e7-84f7-5f3715184586}: [DhcpNameServer] 192.168.18.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\asus\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-01]
Edge HKU\S-1-5-21-118308293-610972259-2242679070-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-05-31]

FireFox:
========
FF DefaultProfile: 8gffeskn.default
FF ProfilePath: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\8gffeskn.default [2021-11-02]
FF ProfilePath: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release [2022-07-06]
FF Notifications: Mozilla\Firefox\Profiles\64gsr5o8.default-release -> hxxps://web.whatsapp.com; hxxps://drive.google.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-06-29]
FF Extension: (IDM Integration Module) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2022-05-27]
FF Extension: (uBlock Origin) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-06-15]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-06-29]
FF Extension: (Scopus Document Download Manager) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\64gsr5o8.default-release\Extensions\{3489af5d-5f4b-4903-95ff-6ce9f73f08d3}.xpi [2021-11-30]
FF HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\asus\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\asus\AppData\Roaming\IDM\idmmzcc5 [2021-11-01] [Legacy] [not signed]
FF HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-06-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-05-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default [2022-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-05-16]
CHR Extension: (IDM Integration Module) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-14]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-05-31]
CHR HKU\S-1-5-21-118308293-610972259-2242679070-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-05-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-05-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2021-10-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusAppService; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\AsusAppService\AsusAppService.exe [872112 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkNear\AsusLinkNear.exe [1163488 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkRemote\AsusLinkRemote.exe [762016 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2021-10-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusOptimization.exe [373984 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [591176 2021-10-30] (ASUSTeK Computer Inc. -> )
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSoftwareManager\AsusSoftwareManager.exe [1054960 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSwitch\AsusSwitch.exe [605424 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3555560 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [709040 2022-04-17] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988384 2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
R2 DTSAPO3Service; C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [223640 2019-09-03] (DTS, Inc. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncHelper.exe [3374472 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7289288 2022-02-18] (GlassWire -> SecureMix LLC)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-29] (HP Inc. -> HP Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3835360 2022-03-10] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10869024 2022-05-11] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.121.0605.0002\OneDriveUpdaterService.exe [3812744 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2575624 2022-06-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3494672 2022-06-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 RefreshRateService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe [40672 2021-09-10] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek Computer Inc.)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [6304488 2022-04-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 vivoesServiceWin7; C:\Program Files (x86)\EasyShare_ex\vivoesServiceWin7.exe [85152 2021-10-25] (vivo Mobile Communication Co., Ltd -> TODO: <Company name>)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1256880 2022-06-29] (Windscribe Limited -> Windscribe Limited)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_531cf42fcad619f7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_531cf42fcad619f7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0374485.inf_amd64_abfb7dc77f8ab6ca\B374507\amdkmdag.sys [81600360 2021-12-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-10] (ASUSTeK Computer Inc. -> )
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSystemAnalysis\AsusSAIO.sys [37040 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSOptimization\AsusWmiAcpi.sys [45248 2022-04-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 cbfs20; C:\Windows\System32\drivers\cbfs20.sys [447560 2022-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [66952 2018-07-30] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2021-12-28] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\Windows\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2022-06-29] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2021-12-28] (Windscribe Limited -> WireGuard LLC)
S3 MpKsl0e00d998; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92D91227-CD2B-4149-8ACE-687C76D85917}\MpKslDrv.sys [X]
S3 rpmcdriver; \??\D:\ASUS_WTP_MAIN\ThirdPartyTool\Amd\RPMC\rpmcdriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-06 09:18 - 2022-07-06 09:19 - 000035308 _____ C:\Users\asus\Desktop\FRST.txt
2022-07-06 08:57 - 2022-07-06 08:57 - 002369024 _____ (Farbar) C:\Users\asus\Desktop\FRST64.exe
2022-07-04 20:21 - 2022-07-04 20:21 - 000000000 ___HD C:\$WinREAgent
2022-07-04 20:10 - 2022-07-04 20:10 - 000007396 _____ C:\Users\asus\Desktop\SFCFix.txt
2022-07-04 20:06 - 2022-07-04 20:06 - 000136203 _____ C:\Users\asus\Downloads\SFCFix.zip
2022-06-30 21:12 - 2022-06-30 21:12 - 000000000 ____D C:\Users\asus\.ms-ad
2022-06-29 21:19 - 2022-06-29 21:19 - 000000000 ____D C:\Users\asus\AppData\Local\SwGame
2022-06-29 21:17 - 2022-06-29 21:18 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-06-29 21:10 - 2022-06-29 21:10 - 000001064 _____ C:\Users\Public\Desktop\Origin.lnk
2022-06-29 21:10 - 2022-06-29 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2022-06-29 21:09 - 2022-06-29 21:10 - 000000000 ____D C:\Program Files (x86)\Origin
2022-06-29 21:07 - 2022-07-01 10:51 - 000000000 ____D C:\Users\asus\AppData\Roaming\Origin
2022-06-29 21:07 - 2022-07-01 10:49 - 000000000 ____D C:\Users\asus\AppData\Local\Origin
2022-06-29 21:07 - 2022-06-29 21:07 - 000000000 ____D C:\Users\asus\.QtWebEngineProcess
2022-06-29 21:07 - 2022-06-29 21:07 - 000000000 ____D C:\Users\asus\.Origin
2022-06-29 21:06 - 2022-07-01 09:49 - 000000000 ____D C:\ProgramData\Origin
2022-06-29 15:40 - 2022-06-30 20:46 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-06-29 13:38 - 2022-06-29 13:38 - 000000223 _____ C:\Users\asus\Desktop\STAR WARS Jedi Fallen Order™.url
2022-06-29 11:11 - 2022-06-29 11:11 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-06-29 09:18 - 2022-06-29 09:19 - 012446927 _____ C:\Users\asus\Desktop\COMPONENTS.zip
2022-06-29 09:02 - 2022-06-29 09:02 - 000003711 _____ C:\GetDeviceStatus.xml
2022-06-29 09:02 - 2022-06-29 09:02 - 000000228 _____ C:\SetMatrixLEDScript.xml
2022-06-29 09:02 - 2022-06-29 09:02 - 000000200 _____ C:\QueryAllDevice.xml
2022-06-29 09:02 - 2022-06-29 09:02 - 000000066 _____ C:\GetDeviceCap.xml
2022-06-29 08:48 - 2022-06-29 08:48 - 000001142 _____ C:\Users\Public\Desktop\Windscribe.lnk
2022-06-29 08:48 - 2022-06-29 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2022-06-29 08:35 - 2022-06-29 08:35 - 000000061 _____ C:\Windows\skipsavetoini
2022-06-29 08:08 - 2022-06-29 08:08 - 000903572 _____ C:\Users\asus\Downloads\Kelompok 6_Tugas 3_Essay DOE.pdf
2022-06-29 08:03 - 2022-06-29 08:03 - 000035453 _____ C:\Users\asus\Downloads\urutan KE 5(1).pptx
2022-06-29 08:00 - 2022-06-29 08:00 - 005997925 _____ C:\Users\asus\Downloads\center-for-health-statistics.pptx
2022-06-29 08:00 - 2022-06-29 08:00 - 000035453 _____ C:\Users\asus\Downloads\urutan KE 5.pptx
2022-06-26 18:10 - 2022-06-26 18:11 - 170993363 _____ C:\Users\asus\Downloads\video_20191025_140902.mp4
2022-06-26 18:04 - 2022-06-26 18:05 - 054451950 _____ C:\Users\asus\Downloads\video_20191228_172838.mp4
2022-06-25 17:50 - 2022-07-04 21:52 - 000000000 ____D C:\Users\asus\Desktop\CBS
2022-06-25 14:58 - 2022-06-25 14:58 - 000000643 _____ C:\Users\Public\Desktop\Animal Crossing - New Horizons.lnk
2022-06-23 02:06 - 2022-06-23 02:06 - 000000218 _____ C:\Users\asus\AppData\Local\recently-used.xbel
2022-06-23 02:05 - 2022-06-23 02:05 - 000000000 ____D C:\Users\asus\AppData\Local\gtk-3.0
2022-06-20 22:00 - 2022-06-23 02:06 - 000000000 ____D C:\Users\asus\AppData\Roaming\gsmartcontrol
2022-06-20 21:58 - 2022-06-20 21:58 - 010745236 _____ C:\Users\asus\Desktop\gsmartcontrol-1.1.3-win32.zip
2022-06-20 21:58 - 2022-06-20 21:58 - 000000000 ____D C:\Users\asus\Desktop\gsmartcontrol-1.1.3-win32
2022-06-17 22:11 - 2022-06-17 22:11 - 008760207 _____ C:\Users\asus\Downloads\memtest86-usb.zip
2022-06-17 22:11 - 2022-06-17 22:11 - 000000000 ____D C:\Users\asus\Downloads\memtest86-usb
2022-06-17 22:11 - 2022-06-17 22:11 - 000000000 ____D C:\Users\asus\Downloads\memtest86-4.3.7-usb.img
2022-06-17 22:10 - 2022-06-17 22:10 - 000861403 _____ C:\Users\asus\Downloads\memtest86-4.3.7-usb.img.zip
2022-06-17 21:07 - 2022-06-17 21:07 - 000000000 ____D C:\SeaTemp
2022-06-17 21:05 - 2022-06-17 21:05 - 000000000 ____D C:\Users\asus\Downloads\USBbootSetup-SeaToolsBootable
2022-06-17 20:04 - 2022-06-17 20:04 - 000438263 _____ C:\Users\asus\Desktop\26-WK-IT-TIMPBJ-2022 Surat Pengumuman Pemenang Tender Sophos.pdf
2022-06-17 15:19 - 2022-06-19 12:46 - 000025368 _____ C:\Users\asus\Downloads\Data Masa Sewa Laptop Periode II.xlsx
2022-06-17 15:11 - 2022-06-17 15:11 - 000065752 _____ C:\Users\asus\Downloads\Distribusi Laptop Tahap 2 Kirim SCM.xlsx
2022-06-17 14:27 - 2022-06-17 14:27 - 000010954 _____ C:\Users\asus\Desktop\ev.htm
2022-06-17 14:27 - 2022-06-17 14:27 - 000000000 ____D C:\Users\asus\Desktop\ev_files
2022-06-17 14:25 - 2022-06-17 14:25 - 000119123 _____ C:\Users\asus\Downloads\ev.xlsx
2022-06-17 10:54 - 2022-06-17 10:54 - 000000000 ____D C:\Users\asus\AppData\LocalLow\11BitStudios
2022-06-17 10:49 - 2022-06-17 10:49 - 000000222 _____ C:\Users\asus\Desktop\Moonlighter.url
2022-06-16 20:31 - 2022-06-16 20:31 - 000000000 ____D C:\Users\asus\Desktop\FRST-OlderVersion
2022-06-15 20:05 - 2022-06-15 20:14 - 001037683 _____ C:\Users\asus\Downloads\Presentasi Statlan Poin 3.pptx
2022-06-15 16:08 - 2022-06-15 16:30 - 000000000 ____D C:\Users\asus\Documents\Reflect
2022-06-12 20:46 - 2022-06-12 20:46 - 017455929 _____ C:\Users\asus\Downloads\Math Subject for High School - 10th Grade_ Right Triangle Relationships and Trigonometry by Slidesgo.pptx
2022-06-11 14:57 - 2022-06-11 15:51 - 000000000 ____D C:\Users\asus\Downloads\sistempersediaan(1)
2022-06-11 14:57 - 2022-06-11 14:57 - 014515689 _____ C:\Users\asus\Downloads\sistempersediaan(1).zip
2022-06-11 10:49 - 2022-06-11 10:49 - 000266395 _____ C:\Users\asus\Downloads\JIDOKA.pptx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-06 09:19 - 2022-05-16 15:26 - 000000000 ____D C:\FRST
2022-07-06 09:18 - 2021-01-14 07:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-06 09:08 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-06 09:05 - 2019-12-07 16:13 - 000000000 ____D C:\Windows\INF
2022-07-06 09:03 - 2021-12-14 14:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-06 08:44 - 2021-11-05 07:35 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2022-07-06 08:41 - 2021-10-30 00:49 - 000000000 ____D C:\Users\asus\AppData\Local\D3DSCache
2022-07-06 08:39 - 2022-02-11 08:37 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-06 08:39 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-06 08:38 - 2021-11-02 03:42 - 000000000 ____D C:\Users\asus\AppData\LocalLow\Mozilla
2022-07-06 08:37 - 2021-10-30 00:43 - 000000000 ___RD C:\Users\asus\OneDrive
2022-07-06 08:03 - 2021-10-30 00:59 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-06 07:56 - 2021-01-14 07:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-04 22:01 - 2019-12-07 16:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-07-04 21:28 - 2021-10-29 09:07 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-04 21:21 - 2021-01-14 07:22 - 000494096 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\Dism
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-04 21:11 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-04 21:11 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\servicing
2022-07-04 20:59 - 2021-11-01 15:11 - 000000000 ____D C:\Users\asus\AppData\Roaming\DMCache
2022-07-04 20:59 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-04 20:58 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-04 20:19 - 2021-11-03 22:13 - 000000000 ____D C:\Windows\system32\MRT
2022-07-04 20:14 - 2021-11-03 22:12 - 145918784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-04 20:10 - 2022-05-13 11:12 - 000000000 ____D C:\SFCFix
2022-07-04 20:10 - 2022-05-13 11:03 - 000000000 ____D C:\Users\asus\AppData\Local\niemiro
2022-07-01 10:56 - 2021-11-02 03:43 - 000000000 ____D C:\Program Files (x86)\Steam
2022-07-01 09:48 - 2021-11-01 15:35 - 000000000 ____D C:\Users\asus\Documents\Euro Truck Simulator 2
2022-07-01 09:23 - 2021-10-30 04:14 - 000000000 ____D C:\Users\asus\AppData\Local\ASUS
2022-07-01 09:23 - 2021-10-30 01:03 - 000000000 ____D C:\ProgramData\ASUS
2022-07-01 09:21 - 2021-11-01 14:44 - 000000000 ____D C:\Users\asus\AppData\Local\CrashDumps
2022-07-01 09:21 - 2021-10-30 01:04 - 000000000 ____D C:\Program Files\ASUS
2022-06-30 21:45 - 2021-11-01 15:11 - 000000000 ____D C:\Users\asus\Downloads\Video
2022-06-30 21:12 - 2021-10-30 00:37 - 000000000 ____D C:\Users\asus
2022-06-30 20:46 - 2021-11-02 03:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-29 22:56 - 2021-11-01 16:15 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-06-29 22:55 - 2022-04-13 15:41 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-06-29 22:55 - 2022-04-13 15:41 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-06-29 21:38 - 2021-11-02 03:42 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-06-29 21:19 - 2021-11-27 16:56 - 000000000 ____D C:\Users\asus\AppData\Local\UnrealEngine
2022-06-29 13:38 - 2021-11-02 03:49 - 000000000 ____D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-06-29 11:11 - 2021-11-02 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-06-29 09:36 - 2021-10-30 03:11 - 000000000 ____D C:\Users\asus\AppData\Local\PlaceholderTileLogoFolder
2022-06-29 09:36 - 2021-10-30 00:51 - 000000000 ____D C:\ProgramData\Packages
2022-06-29 09:36 - 2021-10-30 00:37 - 000000000 ____D C:\Users\asus\AppData\Local\Packages
2022-06-29 09:30 - 2021-12-28 14:08 - 000000000 ____D C:\Program Files (x86)\Windscribe
2022-06-29 09:23 - 2021-10-30 01:13 - 000000000 ____D C:\Program Files (x86)\ASUS
2022-06-29 09:23 - 2021-10-30 00:59 - 000000000 ____D C:\ProgramData\Package Cache
2022-06-29 08:48 - 2022-02-03 16:15 - 000035752 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys
2022-06-29 08:43 - 2022-05-04 16:20 - 000000000 ____D C:\Users\asus\AppData\Local\ElevatedDiagnostics
2022-06-29 08:25 - 2021-10-30 01:29 - 000000000 ____D C:\Program Files (x86)\LightingService
2022-06-29 08:19 - 2022-03-24 14:26 - 000000000 ____D C:\Users\asus\Documents\Outlook Files
2022-06-26 17:54 - 2021-11-05 20:40 - 000000000 ____D C:\Users\asus\Desktop\Dok.Papa
2022-06-26 17:29 - 2021-11-05 09:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-06-25 22:40 - 2022-01-25 21:18 - 000000000 ____D C:\Users\asus\AppData\Roaming\qBittorrent
2022-06-25 20:53 - 2022-04-04 08:18 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-25 20:53 - 2021-11-01 16:36 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-06-25 10:42 - 2021-11-04 21:17 - 000000000 ____D C:\Users\asus\AppData\Local\Ubisoft Game Launcher
2022-06-23 21:29 - 2022-05-28 20:59 - 000000000 ____D C:\Users\asus\AppData\Roaming\Telegram Desktop
2022-06-23 21:25 - 2021-01-14 07:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-06-19 21:40 - 2021-01-14 07:27 - 000000000 ____D C:\Program Files\Microsoft Office
2022-06-18 11:58 - 2021-11-01 15:11 - 000000000 ____D C:\Users\asus\Downloads\Compressed
2022-06-16 09:31 - 2021-01-14 07:25 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 09:31 - 2021-01-14 07:25 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-15 20:26 - 2021-11-18 10:10 - 000000000 ____D C:\Users\asus\Documents\Zoom
2022-06-15 13:09 - 2022-05-02 21:35 - 000000000 ____D C:\ProgramData\Macrium
2022-06-11 11:10 - 2022-02-19 14:53 - 000000000 ____D C:\Users\asus\Downloads\materisisman2
2022-06-11 11:10 - 2022-02-19 14:53 - 000000000 ____D C:\Users\asus\Downloads\materisisman1
2022-06-11 07:42 - 2021-12-11 10:59 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-118308293-610972259-2242679070-1001

==================== Files in the root of some directories ========

2022-06-23 02:06 - 2022-06-23 02:06 - 000000218 _____ () C:\Users\asus\AppData\Local\recently-used.xbel
2021-11-25 13:35 - 2021-11-25 13:35 - 000007597 _____ () C:\Users\asus\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2022
Ran by asus (06-07-2022 09:20:57)
Running from C:\Users\asus\Desktop
Microsoft Windows 10 Home Single Language Version 21H1 19043.1645 (X64) (2021-10-29 17:32:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-118308293-610972259-2242679070-500 - Administrator - Disabled)
asus (S-1-5-21-118308293-610972259-2242679070-1001 - Administrator - Enabled) => C:\Users\asus
DefaultAccount (S-1-5-21-118308293-610972259-2242679070-503 - Limited - Disabled)
Guest (S-1-5-21-118308293-610972259-2242679070-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-118308293-610972259-2242679070-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K YouTube to MP3 (HKLM\...\{59D477E6-8A5E-4CE9-AFC7-E5BDA210DECA}) (Version: 4.5.4.4870 - Open Media LLC) Hidden
4K YouTube to MP3 (HKLM-x32\...\{97170b5e-2065-460d-8aab-5faf4e7f1a8f}) (Version: 4.3.4.4590 - Open Media LLC)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20142 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Animal Crossing: New Horizons (HKLM-x32\...\Animal Crossing: New Horizons_is1) (Version: - )
Aplikasi Microsoft 365 untuk perusahaan - id-id (HKLM\...\O365ProPlusRetail - id-id) (Version: 16.0.15225.20288 - Microsoft Corporation)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC15014EA700}) (Version: 21.001.20135 - Adobe Systems Incorporated)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version: - Ubisoft)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.4.2.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{52b48e15-2733-4646-a008-c6f1922c46ab}) (Version: 2.4.2.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{c5669622-d369-4e19-ae7b-d6b33d469f2d}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.3.11.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{8fdbf6da-e99e-479d-8981-0c8faf88d84b}) (Version: 1.3.11.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.11 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{8bf47d14-406b-49e8-8759-966757033aa0}) (Version: 2.1.1.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.1.1.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.1.27.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{f85f47f8-3d16-4c94-84ab-66429113e123}) (Version: 1.1.27.0 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{193a2068-8738-4276-ab1b-9133f9403487}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{B8F984F2-7887-4DD2-8D96-F9A4BC5A4AC5}) (Version: 1.1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{33293f2d-c1c1-4931-af92-d3b33c73a984}) (Version: 1.1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.79 - ASUSTeK Computer Inc.) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.18 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.18 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.40 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{a1318319-c95b-48da-beb8-63ed6e4d809a}) (Version: 3.05.40 - ASUSTeK Computer Inc.)
calibre (HKLM-x32\...\{8BDF54E6-AF7F-4B16-B6F9-C759AEC88AF8}) (Version: 5.42.0 - Kovid Goyal)
DSB Notification (HKLM\...\{A82D01C4-0F9C-4FD6-9E2F-EDBD1E9826DC}) (Version: 1.2.1 - ASUSTeK COMPUTER INC.)
Eastward (HKLM-x32\...\Eastward_is1) (Version: - )
EasyShare (HKLM-x32\...\espc_ex) (Version: 1.2.5.0 - 维沃移动通信有限公司)
e-SPT PPh Pasal 4 Ayat (2) (HKLM-x32\...\{25957081-778A-486A-A805-DC143FF310CA}) (Version: 1.0.0 - DJP)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.397 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
House Flipper (HKLM-x32\...\House Flipper_is1) (Version: - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.2 - Tonec Inc.)
Kena: Bridge of Spirits (HKLM-x32\...\Kena: Bridge of Spirits_is1) (Version: - )
Kingdom Hearts III and Re-Mind (HKLM-x32\...\Kingdom Hearts III and Re-Mind_is1) (Version: - )
Macrium Reflect Free (HKLM\...\{DD87E394-0D6B-4D4D-8C82-1DE8E3A1F789}) (Version: 8.0.6635 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free (HKLM\...\MacriumReflect) (Version: v8.0.6635 - Paramount Software (UK) Ltd.)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - id-id (HKLM\...\HomeStudent2019Retail - id-id) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0 (x64 en-US)) (Version: 102.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
Night in the Woods (HKLM-x32\...\Night in the Woods_is1) (Version: - )
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.)
pCloud Drive (HKLM\...\{18EFB491-BD4B-4203-ADD4-CB7C13381C70}) (Version: 3.11.11.0 - pCloud AG) Hidden
pCloud Drive (HKLM-x32\...\{5f47c6ec-0d76-4c75-b216-479fd39aff45}) (Version: 3.11.11.0 - pCloud AG)
qBittorrent 4.4.2 (HKLM-x32\...\qBittorrent) (Version: 4.4.2 - The qBittorrent project)
RefreshRateService (HKLM-x32\...\{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 2.1.0 - ASUSTeK COMPUTER INC.)
Revo Uninstaller 2.3.9 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.9 - VS Revo Group, Ltd.)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.4.10.0 - ASUSTek COMPUTER INC.)
SAP GUI for Windows 7.60 (HKLM-x32\...\SAPGUI) (Version: 7.60 Compilation 1 - SAP SE)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Submerged: Hidden Depths (HKLM-x32\...\Submerged: Hidden Depths_is1) (Version: - )
Telegram Desktop (HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.7.3 - Telegram FZ-LLC)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 127.1.10616 - Ubisoft)
Vensim PLE x64 version 9.0.1 (HKLM\...\{5479A112-E875-49FC-B1DF-30D85569E957}_is1) (Version: 9.0.1 - Ventana Systems, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.4.10 - Windscribe Limited)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4m [2022-02-15] (Advanced Micro Devices Inc.) [Startup Task]
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy [2022-06-29] (ASUSTeK COMPUTER INC.)
AURA Creator -> C:\Program Files\WindowsApps\B9ECED6F.AURACreator_3.4.2.0_x64__qmba6cd70vzyy [2022-06-18] (ASUSTeK COMPUTER INC.)
DTS Headphone:X v1 -> C:\Program Files\WindowsApps\DTSInc.DTSHeadphoneXv1_2.0.0.0_x64__t5j2fzbtdg37r [2021-10-30] (DTS, Inc.)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.40.7.0_x64__ypmq2qh89vmny [2022-05-27] (Turnipsoft)
GameVisual -> C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy [2022-06-29] (ASUSTeK COMPUTER INC.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-29] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-11] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10620.425.0_x64__8wekyb3d8bbwe [2022-07-04] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.5.0_x64__qmba6cd70vzyy [2022-07-01] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-05-28] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2021-10-30] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0 [2022-06-25] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-118308293-610972259-2242679070-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-118308293-610972259-2242679070-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\asus\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL [2022-01-24] (pCloud AG) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-05-11] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-05-11] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL [2022-01-24] (pCloud AG) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-12-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_531cf42fcad619f7\nvshext.dll [2022-05-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-08-19 04:27 - 2021-08-19 04:27 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2021-08-19 04:27 - 2021-08-19 04:27 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2021-08-19 04:27 - 2021-08-19 04:27 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2021-10-30 04:07 - 2019-12-24 08:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-08-19 04:27 - 2021-08-19 04:27 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2022-06-29 09:36 - 2022-06-29 09:36 - 000038400 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\DetectDisplayDC.dll
2022-06-29 09:36 - 2022-06-29 09:36 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\VideoEnhance.dll
2020-05-27 07:08 - 2020-05-27 07:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2022-06-29 09:36 - 2022-06-29 09:36 - 000462848 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ColorU.dll
2016-10-05 09:52 - 2019-02-21 23:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-10-30 04:07 - 2019-06-27 06:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2021-10-30 04:07 - 2019-06-27 06:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2017-10-23 18:28 - 2017-10-23 18:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files\pCloud Drive\OverlayIcon64.dll
2022-06-29 09:36 - 2022-06-29 09:36 - 000452096 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ColorUGameDLL.dll
2022-06-29 09:36 - 2022-06-29 09:36 - 000029696 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\GLCDdll.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-05-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2022-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2019-04-16] (SAP SE -> SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2019-04-16] (SAP SE -> SAP, Walldorf)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\sharepoint.com -> hxxps://ptwaskita-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-06-29 09:26 - 2022-06-29 09:26 - 000002560 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-118308293-610972259-2242679070-1001\Control Panel\Desktop\\Wallpaper -> c:\users\asus\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\yokohama kaidashi kikou.gif
DNS Servers: 192.168.18.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F61F8C81-934A-4DB4-BF7D-9D8E65695B4F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{90E96F18-84CA-411C-8B88-0BAAE9094C0E}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{5E112E68-ECA4-41AF-B055-86DEB6660148}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57889B76-1B31-4D92-A5DB-392FD0B8E9FE}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5F37642C-E55B-479D-8597-74D1FBBAB13E}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C8D22E7D-F9EB-4533-B994-FCA99E2681DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{42641C93-E1A9-454C-A747-BE4F9E3CD00E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{68A8D12A-D6DC-4D07-9987-228E6C53EF63}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{385C474E-269A-416E-9A1C-CB255D47DEA6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52B3AA02-33A8-4993-B621-0DB392B4F3F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0D2A8F35-8DB9-4102-93E9-3FEE14387FAC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7C8BE5D8-61EE-48BB-B6B1-45F915DCEDAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D405AA78-A27C-470C-BB61-46AD91D07FAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{66487DE3-EBF6-4E38-83C1-4AFD8C6F2811}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{646CCEFE-FC43-462B-9512-FA6D867425C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{00E23E38-716B-41A7-98D2-269B0D75CAA2}] => (Allow) C:\Users\asus\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B2F802B5-098E-4C65-98C9-9B9964EB040C}] => (Allow) C:\Users\asus\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E936BAA-6090-48A3-A809-6489D1D4D7F4}] => (Allow) C:\Users\asus\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E82BE4C7-FD7F-4DFD-8BC9-762A8D4A41CF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11A8B490-A105-420E-84F0-9079FE0D08A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{153FD571-B101-4720-821F-EA2EA80F7174}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74037785-45C8-45E0-8195-10C9908CD789}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCCA1B51-F9EB-480B-99D5-9074A0AB6E56}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{CC45DBA8-A281-460C-B421-79E6F18C4C9B}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{811763DA-A4E3-45E1-B2D9-0119B8D80082}] => (Allow) D:\SteamLibrary\steamapps\common\GRIS\GRIS.exe () [File not signed]
FirewallRules: [{5E1BC903-E8D6-4110-B6FA-3E9A42C61364}] => (Allow) D:\SteamLibrary\steamapps\common\GRIS\GRIS.exe () [File not signed]
FirewallRules: [{7B3992D9-F50D-4368-BDFE-838C6E56CBCD}] => (Allow) D:\SteamLibrary\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{1742C275-7F3B-428E-BE86-8D7BD6C83BF1}] => (Allow) D:\SteamLibrary\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{34A89C9A-9781-43CC-B6CF-01CAA3825909}] => (Allow) D:\SteamLibrary\steamapps\common\Psychonauts 2\Psychonauts2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A0E3C930-44BF-46C8-8E99-A8DDB172DD5F}] => (Allow) D:\SteamLibrary\steamapps\common\Psychonauts 2\Psychonauts2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{42D7EB32-D1B0-4460-BC91-639003E818A9}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe () [File not signed]
FirewallRules: [{F5C7D93C-8B11-4AC8-8594-BF853E1C7728}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe () [File not signed]
FirewallRules: [{A064CF78-05E5-453D-B67A-F1D02A0FE536}] => (Allow) D:\SteamLibrary\steamapps\common\Moonlighter\Moonlighter.exe () [File not signed]
FirewallRules: [{25D69426-36E8-465B-8541-F87DBB32F2FE}] => (Allow) D:\SteamLibrary\steamapps\common\Moonlighter\Moonlighter.exe () [File not signed]
FirewallRules: [{DE5F86E3-B898-4116-8E4F-22E72DCE6140}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{F827B885-58F4-42F1-B376-FE5FCA3C97FA}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{056C6B05-D898-43B9-8C26-761819ACE4CD}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5E2F1E7E-E974-46DB-9199-29085ABFED86}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{72D6E201-C669-477D-870D-0F29A69F1AE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{98B0E9B2-6ADC-4549-AE03-F444E55BD15B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E299130E-5A32-4DDB-9DB2-DCD3675E6FFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F452677-2349-41D2-AAC0-8456C7B0810A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35AD0476-C0DE-4899-B23E-326BEC2A6CAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C3DCC711-2B5C-4E0F-9F6F-8DBE9BF7EFCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{604362C7-86D1-4BDE-B42E-366080FB16D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{324CA3A2-4E33-4CB3-B88C-213776F51F7C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2BEEBA88-F347-4972-92BB-EACC1DB9D3B4}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{EC55EF2E-08AB-4EBE-9815-B3CA108CC933}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{4C58EC3D-C11F-47AD-88D3-13B5F3C39D76}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C7694F4A-FEF8-4FAB-91C8-CF760126F2FF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0A40831-E78B-40BC-AB81-4D5BEAD1006E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3507C45-FF71-438F-9FD0-A6BE57CE3912}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AFB0F0CB-A8D4-4854-852E-9A9862E9260A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.5.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{973C213B-F346-4E7D-A1D5-DFF52DA9C394}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.5.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{1277F7CA-0EE6-4D17-B2F8-B297458A6DE6}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.5.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{658B792E-93A0-4D09-8DA1-EAD52D3696C8}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.5.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{3656A2FD-5BA2-4815-93AF-5B89625C00B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{836F22BC-8007-4619-A71B-C0301378EB24}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe => No File
FirewallRules: [{E96DA3C0-85DE-4AAC-A5E2-A4B0B090B6F4}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe => No File
FirewallRules: [{D832630D-FFCE-4329-8D62-EF507818A386}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{152BDE77-02A2-40B5-AB09-B05EFC0837B8}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{CD20E693-56C3-4426-9BA0-28C646FDB986}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{1AA3798C-1D74-41E8-B74E-6CB4D81806F4}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{3BC6C580-58FC-41B0-8060-7132C7732957}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{6086871A-3D2B-4404-A991-6EAD211F2AE2}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_5e38ce8081e93b46\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/06/2022 09:19:14 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {b5946137-7b9f-4925-af80-51abd60b20d5} if volume is supported. [0x8000ffff] [hr = 0x8000ffff, Catastrophic failure
].


Operation:
Check If Volume Is Supported by Provider
Add a Volume to a Shadow Copy Set

Context:
Execution Context: Coordinator
Provider ID: {00000000-0000-0000-0000-000000000000}
Volume Name: \\?\Volume{a88e34b8-53a6-4622-9d6b-d38d23da6024}\
Execution Context: Coordinator

Error: (07/06/2022 09:00:17 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {b5946137-7b9f-4925-af80-51abd60b20d5} if volume is supported. [0x8000ffff] [hr = 0x8000ffff, Catastrophic failure
].


Operation:
Check If Volume Is Supported by Provider
Add a Volume to a Shadow Copy Set

Context:
Execution Context: Coordinator
Provider ID: {00000000-0000-0000-0000-000000000000}
Volume Name: \\?\Volume{a88e34b8-53a6-4622-9d6b-d38d23da6024}\
Execution Context: Coordinator

Error: (07/06/2022 08:03:14 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/06/2022 08:03:13 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/06/2022 07:57:49 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-O9IIDCTE$ via https://AMD-KeyId-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(203ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/04/2022 09:22:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-O9IIDCTE$ via https://AMD-KeyId-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(171ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/04/2022 09:04:31 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-O9IIDCTE$ via https://AMD-KeyId-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(234ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/04/2022 08:22:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1737_none_7dec0d8c7ca729de\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004230f).


System errors:
=============
Error: (07/06/2022 07:57:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/06/2022 07:57:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (07/06/2022 07:57:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RefreshRateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/06/2022 07:57:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the RefreshRateService service to connect.

Error: (07/06/2022 07:56:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD Log Utility service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/06/2022 07:56:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AMD Log Utility service to connect.

Error: (07/06/2022 07:55:42 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (07/06/2022 07:55:16 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Windows Defender:
================
Date: 2022-06-30 21:20:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-30 21:13:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-29 11:08:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-29 10:02:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-26 18:22:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-06-16 22:09:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.1662.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-06-30 21:11:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-23 17:47:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. FX505DT.316 01/28/2021
Motherboard: ASUSTeK COMPUTER INC. FX505DT
Processor: AMD Ryzen 5 3550H with Radeon Vega Mobile Gfx
Percentage of memory in use: 65%
Total physical RAM: 8001.35 MB
Available physical RAM: 2738.32 MB
Total Virtual: 16705.35 MB
Available Virtual: 8021.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:343.81 GB) (Free:136.46 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive d: (DATA) (Fixed) (Total:586.8 GB) (Free:155.38 GB) (Model: TOSHIBA MQ04ABF100) NTFS

\\?\Volume{854e9a11-9e96-48c9-911f-2275c0e85368}\ (RECOVERY) (Fixed) (Total:0.63 GB) (Free:0.12 GB) NTFS
\\?\Volume{b39b30e1-5bed-4a2b-95ec-076fdcfd034a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EE89CB1A)

Partition: GPT.

==================== End of Addition.txt =======================


SFCFix
SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-07-06 09:30:08.605
Microsoft Windows 10 Build 19043 - amd64
Using .txt script file at C:\Users\asus\Desktop\SFCFix.txt [0]




FileScan::
[0: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1371_none_6e64fe196d55a1d1\bfsvc.dll
Expected: UNKNOWN Found: x1bS0iNc6QOC4lAYogk2sO1PgBXYSaIePmfutzeCy2s=
Expected: 10.0.19041.1371
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1371_none_6e64fe196d55a1d1.
Package_17_for_KB5007273~31bf3856ad364e35~amd64~~19041.1371.1.0.5007273-36_neutral



[1: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1371_none_ca83999d25b31307\bfsvc.dll
Expected: UNKNOWN Found: MayQoTnXFfedRgP2kEmDtslv/Og36lqG8iknmFlfdmk=
Expected: 10.0.19041.1371
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1371_none_ca83999d25b31307.
Package_6_for_KB5007273~31bf3856ad364e35~amd64~~19041.1371.1.0.5007273-10_neutral



[2: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_af9995d1577b1d00\bfsvc.dll
Expected: UNKNOWN Found: QmZ7rx7AMiYWLQaYpUGnJOv08xYTqFN/NDoanO5ZqtY=
Expected: 10.0.19041.1
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_af9995d1577b1d00.
Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.1586.ae80f62a394dda63fbe1bd28782682dd



[3: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1310_none_6e5f13256d5af026\bfsvc.dll
Expected: UNKNOWN Found: l5TEX81VRmMfm3iTWK4VJ4NGZmhRinQM6nfy+LKABPE=
Expected: 10.0.19041.1310
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1310_none_6e5f13256d5af026.
Package_17_for_KB5006753~31bf3856ad364e35~amd64~~19041.1310.1.0.5006753-36_neutral



[4: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1310_none_ca7daea925b8615c\bfsvc.dll
Expected: UNKNOWN Found: 695VUthUzzcucEaM/Xz6GlbBX61haqrDoyD00ydY+XI=
Expected: 10.0.19041.1310
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1310_none_ca7daea925b8615c.
Package_6_for_KB5006753~31bf3856ad364e35~amd64~~19041.1310.1.0.5006753-11_neutral



[5: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_0bb831550fd88e36\bfsvc.dll
Expected: UNKNOWN Found: 09k/q7Tr4/9wEiyeButQQWBn5X2mUAKnwMuF3EPdRV0=
Expected: 10.0.19041.1
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_0bb831550fd88e36.
Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.1586.ae80f62a394dda63fbe1bd28782682dd



[6: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1525_none_6e4a01af6d6ac184\bfsvc.dll
Expected: UNKNOWN Found: STm72ilNypqg9xGwbAjVDBwvDe0oCaN/9GF6uxmQ2ec=
Expected: 10.0.19041.1525
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1525_none_6e4a01af6d6ac184.
Package_17_for_KB5011352~31bf3856ad364e35~amd64~~19041.1525.1.0.5011352-34_neutral



[7: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1525_none_ca689d3325c832ba\bfsvc.dll
Expected: UNKNOWN Found: mcfnu4wWbF3ol04njxFrw/FKzhkYqgqKS1RUt7Ye40c=
Expected: 10.0.19041.1525
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1525_none_ca689d3325c832ba.
Package_6_for_KB5011352~31bf3856ad364e35~amd64~~19041.1525.1.0.5011352-10_neutral



[8: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1613_none_6e3e5f096d7390dc\bfsvc.dll
Expected: UNKNOWN Found: OELJrdnqpRVevfoN2BoDIVhr8IdarqtzVAlVanhHQII=
Expected: 10.0.19041.1613
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1613_none_6e3e5f096d7390dc.
Package_17_for_KB5011651~31bf3856ad364e35~amd64~~19041.1613.1.1.5011651-32_neutral



[9: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1613_none_ca5cfa8d25d10212\bfsvc.dll
Expected: UNKNOWN Found: xfIjgIslZEWaGb96NmoJWFGXJNOCGNOmbpAyaEt7qug=
Expected: 10.0.19041.1613
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1613_none_ca5cfa8d25d10212.
Package_6_for_KB5011651~31bf3856ad364e35~amd64~~19041.1613.1.1.5011651-11_neutral



[10: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1677_none_6e4405a56d6e8f6a\bfsvc.dll
Expected: UNKNOWN Found: l21x9U7y5Na4mRk/zhOmpW6wjY9WoRWAO7HvgSk7qgs=
Expected: 10.0.19041.1677
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1677_none_6e4405a56d6e8f6a.
Package_17_for_KB5012677~31bf3856ad364e35~amd64~~19041.1677.1.1.5012677-35_neutral



[11: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1677_none_ca62a12925cc00a0\bfsvc.dll
Expected: UNKNOWN Found: fI81ZODHqulGsJE8sfuRE8XVTXHXZLDAgeKtr3F3mNk=
Expected: 10.0.19041.1677
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1677_none_ca62a12925cc00a0.
Package_6_for_KB5012677~31bf3856ad364e35~amd64~~19041.1677.1.1.5012677-10_neutral



[12: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1704_none_6e32780b6d7cad17\bfsvc.dll
Expected: UNKNOWN Found: wrvNI3x8ACZeurJ61PuiBLWzi68n+iEo8o/C/lhiBhA=
Expected: 10.0.19041.1704
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1704_none_6e32780b6d7cad17.
Package_17_for_KB5014032~31bf3856ad364e35~amd64~~19041.1704.1.4.5014032-36_neutral



[13: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1704_none_ca51138f25da1e4d\bfsvc.dll
Expected: UNKNOWN Found: nAK/Xz+rBNOOB7PJMXI1lfgXBHffzIAqTk2pYYuQLBc=
Expected: 10.0.19041.1704
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1704_none_ca51138f25da1e4d.
Package_6_for_KB5014032~31bf3856ad364e35~amd64~~19041.1704.1.4.5014032-11_neutral



[14: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1220_none_6e6ae35b6d51ed8c\bfsvc.dll
Expected: UNKNOWN Found: 1mt01pizou4NG6XsI1Q7IkRY+2XIfUCcP+Hf3jIIAxA=
Expected: 10.0.19041.1220
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1220_none_6e6ae35b6d51ed8c.
Package_17_for_KB5005699~31bf3856ad364e35~amd64~~19041.1220.1.0.5005699-33_neutral



[15: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1220_none_ca897edf25af5ec2\bfsvc.dll
Expected: UNKNOWN Found: WfDYgaF0WZFbF5r2MiFlvI5sEK+GRgqcrCHeH4wqLQc=
Expected: 10.0.19041.1220
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1220_none_ca897edf25af5ec2.
Package_6_for_KB5005699~31bf3856ad364e35~amd64~~19041.1220.1.0.5005699-10_neutral



[16: 1] C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_6e3534916d7a45ff\bfsvc.dll
Expected: UNKNOWN Found: CoUyiLa8c9oCqEVBM/S19+2pa2wdCr+rZTTI4vHZWM0=
Expected: 10.0.19041.1737
Successfully traced component x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_6e3534916d7a45ff.
Package_17_for_KB5014035~31bf3856ad364e35~amd64~~19041.1737.1.2.5014035-35_neutral



[17: 1] C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll
Expected: UNKNOWN Found: wPu4O7aptnk/KZjFabHp/OCHQc3tNJRAK77X8qRJVxQ=
Expected: 10.0.19041.1737
Successfully traced component amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735.
Package_6_for_KB5014035~31bf3856ad364e35~amd64~~19041.1737.1.2.5014035-11_neutral
FileScan:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 18 datablocks.
Finish time: 2022-07-06 09:30:37.021
Script hash: iwj01/P+5zN8qmx4LyMLO02S6BNJzeor9P8UoGHdhdU=
----------------------EOF-----------------------

 

[Gary R]

Looking them over now. Back ASAP.

 

[Gary R]

WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.

• Download the attachment SFCFix.zip and save it on your desktop.
• Save any work you have open, and close all programs.
• Drag the SFCFix.zip file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt
• Open the file, then copy and paste its content in your next reply.

Next ...

• Restart the computer.
• Run the command SFC /SCANNOW in an elevated command prompt and report the result.

Next ....

• Try updating your Computer again.
• If it fails, attach a zipped C:\Windows\Logs\CBS\CBS.log to your next reply.

 

[JoeRain]

Thanks Gary. Did you find something from my logs?

SFCFix version 3.0.2.1 by niemiro.
Start time: 2022-07-08 20:51:03.523
Microsoft Windows 10 Build 19043 - amd64
Using .zip script file at C:\Users\asus\Desktop\SFCFix(1).zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll

Successfully copied file C:\Users\asus\AppData\Local\niemiro\Archive\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll to C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll.

Successfully restored ownership for C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll
Successfully restored permissions on C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1737_none_ca53d01525d7b735\bfsvc.dll
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 19 datablocks.
Finish time: 2022-07-08 20:51:09.526
Script hash: fPaPSkkgBS1XHk2x9uyVbA/xftt74bXzxzwkzblKVGQ=
----------------------EOF-----------------------


Restarting the computer now.

 

[Gary R]

In one of your earlier logs the following lines were found ...

2022-05-13 16:53:00, Error      [0x018049] CSI    00000640 (F) Failed execution of queue item Installer: Boot File Servicing (BFSVC) Installer ({c5f0e9d7-e844-4507-89e4-701b5a747221}) with HRESULT 8031004a [Error,Facility=(0031),Code=74 (0x004a)]. Failure will not be ignored: A rollback will be initiated after all the operations in the installer queue are completed; installer is reliable[gle=0x80004005]
2022-05-13 16:53:31, Error CSI 000006c8 (F) Installer: Boot File Servicing (BFSVC) Installer Binary Name: bfsvc.dll ErrorCode: 8031004a Phase: 31 Mode: Delta Component: NONE[gle=0x80004005]
2022-05-13 16:53:31, Info                  CSI    000006c9 ==Error Summary End==

... and when we look up the error code 8031004a .... we got ....

C:\Users\Gary R>err_6.4.5 0x8031004a
# for hex 0x8031004a / decimal -2144272310
FVE_E_NOT_ON_STACK winerror.h
# BitLocker Drive Encryption cannot be used because critical
# BitLocker system files are missing or corrupted. Use
# Windows Startup Repair to restore these files to your
# computer.

... which is why I asked you if you had Bitlocker on your drive, and why even though you haven't we tried a Startup Repair.

That did not work, so we looked elsewhere for a possible cause to your problem.

All the logs we've looked at since haven't really given us any consistent information as to what is causing your problem, which is that Windows performs a Rollback when installing the updates on your computer fails.

BFSVC installer is the mechanism that controls this, so what we tried in the last fix, is to replace the file for BFSVC with a known clean example to see if that resolves things.

 

[JoeRain]

Thank you for the explanation.
The updates still failed so here's the CBS.

CBS.zip

 

[Gary R]

Thanks looking over your latest logs now.

Be back ASAP.

 

[Gary R]

After looking through your logs, we're still seeing the same Boot problems causing your Rollback, so what we're going to do now is to rebuild your Boot Configuration Data (BCD) and see if that resolves things.

To do that, if you haven't already done so, I need you to create a Recovery Drive, because we're going to need to boot from that to accomplish what we need to do. Must be one created by Windows, not one created for Macrium.

I did post instructions for how to create one in post #69, but I'll repeat them again just in case you need them ....

The following article describes how to create one ... Create a recovery drive ... you'll need a USB drive of at least 16GB for W10

I STRONGLY RECOMMEND YOU TO NOTE THESE INSTRUCTIONS DOWN AS YOU WILL NOT BE ABLE TO ACCESS THEM FROM YOUR COMPUTER WHILE YOU ARE EXECUTING THEM

To boot from your Recovery Drive ....

• With your computer booted as normal, plug in your Recovery Drive
• Enter Settings into Search and then click on the Settings icon in the results
• Click on Advanced Startup and then Restart Now
• Your computer will reboot into the Advanced Startup menu ...
  • In the Choose an Option menu select Use a Device and then USB Drive UEFI
    • Windows will now boot from your Recovery Drive, when prompted choose your language, and keyboard types.
    • You will now be presented with an Advanced Startup menu that looks identical to the one you saw earlier, the only difference being that this one is on your Recovery Drive, which is of vital importance since we cannot rebuild your BCD if you are booted into your hard drive.
    • Click on Troubleshoot to select it, followed by Command Prompt.
    • A Command Window will open.
    • Please type in each of the following commands (in bold blue), and after each hit your return key ...
      • diskpart ... Opens the Disk Partitioning tool
      • select disk 0 ... Will select your first hard drive (the one with the Windows partition on it)
      • list volume ... Note the number of the partition that has no drive letter assigned to it, it is of 260MB of size and will have FAT32 listed under the FS column.
      • select volume X ... Replace X with the number of the partition that was 260MB the EFI System Partition that you identified in the last command.
      • assign letter=Z: ... Will assign the Z: letter to the EFI System Partition
      • exit... To exit the diskpart utility
        • Now enter the following commands (in bold blue) into the Command Window, and after each hit your return key ...
          • cd /d Z:\EFI\Microsoft\Boot ... Goes to the Boot directory in the Z: partition
          • attrib Z:\EFI\Microsoft\Boot\BCD -h -r -s ... Removes the hidden, read-only and system attributes from the BCD folder
          • ren Z:\EFI\Microsoft\Boot\BCD BCD.old ... Renamed the BCD folder to BCD.old
          • bootrec /rebuildbcd... This command will rebuild the BCD
            • When it asks you Add the installation to boot list?
            • Press on y followed by Enter
            • If it succeeded, you'll have a The operation completed successfully message
            • Once you're done, close the command prompt, restart your computer and try to update again.
            • Let me know if you can now update.