eggyburps

Everything posted by eggyburps

  1. forgot to attach additional.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01 Ran by chris (21-04-2022 17:11:36) Running from C:\Users\chris\Downloads Microsoft Windows 11 Home Version 21H2 22000.613 (X64) (2022-03-17 18:44:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3499411280-506982931-862582420-500 - Administrator - Disabled) chris (S-1-5-21-3499411280-506982931-862582420-1001 - Administrator - Enabled) => C:\Users\chris DefaultAccount (S-1-5-21-3499411280-506982931-862582420-503 - Limited - Disabled) Guest (S-1-5-21-3499411280-506982931-862582420-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3499411280-506982931-862582420-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.0.8 - ASUS) ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.43.0 - ASUSTek COMPUTER INC.) Hidden ASUS AIOFan HAL (HKLM-x32\...\{2e3d34f7-20ec-4a4a-bfb6-2c74633e412d}) (Version: 1.1.43.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM-x32\...\{c398adfb-d090-4897-8845-baca53f7ecde}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) 
Hidden ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.2.8.0 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM-x32\...\{c289ca16-807e-4373-92c3-29ef5dc2119a}) (Version: 1.2.8.0 - ASUSTeK COMPUTER INC.) Hidden ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.11 - ASUSTek COMPUTER INC.) Hidden ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.4.8 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA VGA Component (HKLM-x32\...\{7c01c465-34a9-4e0e-85c1-e54a7c919571}) (Version: 0.0.4.8 - ASUSTek COMPUTER INC. ) Hidden ASUS Framework Service (HKLM-x32\...\{8bc53c84-d9aa-4cc6-b19c-261f445494dc}) (Version: 2.1.3.0 - ASUSTek COMPUTER INC.) ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.1.3.0 - ASUSTek COMPUTER INC.) Hidden ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 3.00.10 - ASUSTek Computer Inc.) ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.79 - ASUSTeK Computer Inc.) Hidden AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.16 - ASUS) Hidden AURA DRAM Component (HKLM-x32\...\{41a78792-5489-400c-a567-b78d40b8c878}) (Version: 1.1.16 - ASUS) Hidden AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.21 - ASUS) AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.21 - ASUS) AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.29 - ASUSTeK Computer Inc.) Hidden AURA Service (HKLM-x32\...\{abff099e-96f5-4bf4-9c6e-6f435f9f6c55}) (Version: 3.05.29 - ASUSTeK Computer Inc.) 
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version: - Blizzard Entertainment) ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.39.5 - Ene Tech.) Hidden ENE RGB HAL (HKLM-x32\...\{09239bb1-d62b-4710-991f-f8cf987be42b}) (Version: 1.1.39.5 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{fb849319-e131-4301-9dc9-458db90abe1d}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden ExpressVPN (HKLM-x32\...\{19815e60-96a5-48a7-90a4-ac639eef871a}) (Version: 10.23.0.6 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8773D7837}) (Version: 10.23.0.6 - ExpressVPN) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC) Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden Kingston AURA DRAM Component (HKLM-x32\...\{2237a879-7fa4-4e21-ae3b-00f6a649b9d9}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) 
Hidden Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.44 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.44 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\OneDriveSetup.exe) (Version: 22.065.0412.0004 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla) NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation) Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.2 - Patriot Memory) Hidden Patriot Viper DRAM RGB (HKLM-x32\...\{fdc098ce-d76c-4e2e-a0a6-01a24e9a1f7d}) (Version: 1.0.9.2 - Patriot Memory) Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.5 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{387596e5-692e-4baf-bec2-3338d555df7a}) (Version: 1.0.6.5 - Patriot Memory) PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) 
Hidden ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.3.12.0 - ASUSTek COMPUTER INC.) TeamViewer (HKLM\...\TeamViewer) (Version: 15.28.9 - TeamViewer) Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.2 - PD) Hidden Universal Holtek RGB DRAM (HKLM-x32\...\{6870588f-9f28-488b-a169-cf548ad6b393}) (Version: 1.0.0.2 - PD) WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Packages: ========= ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.0.11.0_x64__qmba6cd70vzyy [2022-03-17] (ASUSTeK COMPUTER INC.) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.27.1.0_x64__6rarf9sa4v8jt [2022-04-20] (Disney) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-17] (NVIDIA Corp.) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-20] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-21] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\chris\Desktop\John - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ==================== Loaded Modules (Whitelisted) ============= 2022-01-10 07:36 - 2022-01-10 07:36 - 000515584 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node 2022-01-11 16:52 - 2022-01-11 16:52 - 000479744 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node 2022-01-11 16:52 - 2022-01-11 16:52 - 000470016 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node 2022-01-10 07:36 - 2022-01-10 07:36 - 000832512 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node 2022-03-17 12:02 - 2022-01-12 16:43 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll 2021-12-23 15:51 - 2021-12-23 15:51 - 000081920 _____ () [File not signed] 
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll 2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll 2022-03-17 12:02 - 2022-04-20 20:16 - 000070400 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.02.12\PEbiosinterface32.dll 2021-12-27 09:03 - 2021-12-27 09:03 - 000046592 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x64\MsIo64_ENE.dll 2021-12-27 09:04 - 2021-12-27 09:04 - 000047104 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\MsIo32_ENE.dll 2022-03-17 12:02 - 2022-01-12 16:43 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll 2022-03-17 12:02 - 2022-01-12 16:43 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-06-05 05:08 - 2021-06-05 05:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3499411280-506982931-862582420-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 10.20.0.1 - 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BE89CB63-5BF1-4C5B-B68E-164699B15D5B}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) FirewallRules: [{5330F032-A48B-4BB4-A48D-891871913116}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) FirewallRules: [{FE472429-D3FB-47CC-911E-D07D13378C0B}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS) FirewallRules: [{6F43F44F-3974-4ADE-A72C-FC92DDFDB8E4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS) FirewallRules: [{5A05E488-21BA-4F75-B44C-BCD2DAF69A07}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) 
FirewallRules: [{BFD8F93A-AD15-426E-89B4-3F932D3CFBCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{50907806-85F1-4C3D-85FD-32F173EF3EA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{86C2B6EF-DA01-45CE-AAD8-16A2075B49D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{FCAAE198-69DF-4D5C-AAEA-FCCF081D9340}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D9EAA6A6-6A2F-488F-BBD2-C28404C2D56A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{292D313D-638B-44FD-B45A-D88CAD192A1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3B4CE323-6E8F-4E89-98D4-F80A0B26B49C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AD64D3A6-021D-4D5A-A04F-05A0BE0513E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A4DB7C02-2292-47BF-BAC4-D6AABAB58BA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{FE5019D9-33F1-4F1E-9C49-65FDB17B2735}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BA1EFC5C-9290-4FE2-B542-A733B6D47CE4}] => (Allow) C:\Program 
Files\WindowsApps\MicrosoftTeams_22082.402.1279.2578_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D853E9E-4327-40A3-8A02-50E5CF11E9E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22082.402.1279.2578_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D8732421-A735-4D31-9E17-C97445ED9B3A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{639A1E81-B9E4-46A5-9592-52DED2BBBBCA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{524DD617-3EA0-43A2-841C-98746F881B33}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{6680ADC5-DB23-4E2A-944A-0635FCAF6D76}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{23535932-AE42-4456-86E2-72550E34F649}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CFCF886D-777F-4D1D-B030-8D1024B741F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) ==================== Restore Points ========================= 28-03-2022 12:28:18 Scheduled Checkpoint 04-04-2022 13:35:28 ExpressVPN 12-04-2022 13:29:36 Scheduled Checkpoint 13-04-2022 16:00:27 Windows Modules Installer 20-04-2022 20:15:28 Installed GoToMyPC ==================== Faulty Device Manager Devices ============ Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (04/20/2022 08:30:53 PM) (Source: nssm) (EventID: 1045) (User: ) Description: Error attaching to console for service ExpressVPNService. AttachConsole() failed: No process is on the other end of the pipe. Error: (04/13/2022 10:24:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY) Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5220, ProfSvc PID: 1916. Error: (04/13/2022 10:24:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY) Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5220, ProfSvc PID: 1916. Error: (04/13/2022 10:23:46 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (04/13/2022 10:23:46 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (04/04/2022 01:35:50 PM) (Source: nssm) (EventID: 1045) (User: ) Description: Error attaching to console for service ExpressVPNService. AttachConsole() failed: No process is on the other end of the pipe. Error: (04/03/2022 11:57:17 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 100.0.1185.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 3c48 Start Time: 01d8478c8a2cbf21 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\identity_helper.exe Report Id: 90f60d9f-bc13-443f-9702-b40b28909332 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.55_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/28/2022 07:17:20 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 99.0.1150.55 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: acc Start Time: 01d842ae70d65ca3 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.55\identity_helper.exe Report Id: ca5ef74c-bcbe-4605-a86f-3ced3f957b57 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.52_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce System errors: ============= Error: (04/21/2022 04:28:11 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{30B021AF-034E-4D02-9E1E-98FB35892CCF} because another computer on the network has the same name. The server could not start. Error: (04/21/2022 04:24:19 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name. The server could not start. Error: (04/20/2022 10:21:45 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{30B021AF-034E-4D02-9E1E-98FB35892CCF} because another computer on the network has the same name. The server could not start. 
Error: (04/20/2022 09:51:53 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY) Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is svchost[WpnService] (PID: 3220). Error: (04/20/2022 09:51:53 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY) Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is svchost[WpnService] (PID: 3220). Error: (04/20/2022 09:51:42 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name. The server could not start. Error: (04/20/2022 09:51:35 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name. The server could not start. Error: (04/20/2022 09:50:20 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name. The server could not start. Windows Defender: ================ Date: 2022-04-20 21:20:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-17 18:24:16 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-17 09:23:42 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-13 17:36:15 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-12 17:28:27 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2022-04-20 20:04:13 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.363.552.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19100.5 Error code: 0x80072efd Error description: A connection with the server could not be established Date: 2022-04-20 20:04:13 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.363.552.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19100.5 Error code: 0x80072efd Error description: A connection with the server could not be established Date: 2022-04-20 20:04:13 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.363.552.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19100.5 Error code: 0x80072efd Error description: A connection with the server could not be established Date: 2022-04-20 20:04:09 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.363.552.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19100.5 Error code: 0x80072efd Error description: A connection with the server could not be established Date: 2022-04-20 20:04:09 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.363.552.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19100.5 Error code: 0x80072efd Error description: A connection with the server could not be established ==================== Memory info =========================== BIOS: American Megatrends Inc. 1302 09/02/2019 Motherboard: ASUSTeK COMPUTER INC. 
ROG MAXIMUS XI HERO Processor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz Percentage of memory in use: 11% Total physical RAM: 65451.65 MB Available physical RAM: 58138.86 MB Total Virtual: 75179.65 MB Available Virtual: 65331.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.81 GB) (Free:780.71 GB) NTFS Drive d: (CCCOMA_X64FRE_EN-US_DV9) (CDROM) (Total:5.18 GB) (Free:0 GB) UDF \\?\Volume{bbfc377e-7e89-4eed-9183-546cbabe9d90}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS \\?\Volume{dbfc58c1-496f-4021-9b1a-9ae6a6584390}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= Addition.txt FRST.txt
  2. Thanks!! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2022 01 Ran by chris (administrator) on DESKTOP-PKUDR23 (21-04-2022 17:10:02) Running from C:\Users\chris\Downloads Loaded Profiles: chris Platform: Microsoft Windows 11 Home Version 21H2 22000.613 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe (C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe (C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\lightway.exe (C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) 
C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe (C:\Program Files\Google\Chrome\Application\chrome.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe (C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe (cmd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpn-browser-helper.exe (explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.44\msedgewebview2.exe <6> (explorer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <24> (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe (services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe (services.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe (services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe (svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2> (svchost.exe ->) (ASUSTeK COMPUTER INC. 
-> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <4> (svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.5.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [379352 2022-04-14] (EXPRSVPN LLC -> ExpressVPN) HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1088456 2022-04-15] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [852960 2022-04-14] (EXPRSVPN LLC -> ExpressVPN) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-15] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0123ABD3-0C72-4228-9E21-D3EC3D21483E} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2196448 2022-01-24] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {04183830-523F-4674-B99D-AFDD188ADF1E} - System32\Tasks\GoogleUpdateTaskMachineCore{5D8B878E-E610-4C05-933E-B027163A4A1D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-17] (Google LLC -> Google LLC)
Task: {059DF40B-2B09-445B-91EC-671F7017BF8B} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [294880 2022-01-24] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {0C7424FB-65EE-425E-AF27-5632E234B907} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d83a3164357d71 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {2119AFFC-2455-423B-A3CB-2A1F88D9087C} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [43022856 2022-01-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {730D5D38-8299-469A-8DED-E128ACC35465} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {76D7AA3A-DC9B-4B67-B405-07FA5AFD1920} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {8D15B454-0CD0-4A00-B6F7-2E0A2E7372D8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D79376AF-2BB4-45A1-B662-F0D12AAC261E} - System32\Tasks\GoogleUpdateTaskMachineUA{499318E1-1926-41EC-8DF5-7BA6AD80AB51} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-17] (Google LLC -> Google LLC)
Task: {F9C98A47-EAF5-499A-9613-4000C75630E3} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241960 2021-11-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {F9D4C138-149B-4D02-A78F-2C92CB6ECDEA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{30b021af-034e-4d02-9e1e-98fb35892ccf}: [NameServer] 10.20.0.1 Tcpip\..\Interfaces\{34ad31da-071f-44e8-8f42-fdf80c6fcc9a}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Profile: C:\Users\chris\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-20] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: 5e4fvr75.default FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\5e4fvr75.default [2022-04-20] FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\a6efzyo7.default-release [2022-04-21] Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2022-04-21] CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-17] CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-17] CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-17] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-03-22] CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-17] CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2022-03-20] CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-20] CHR Extension: (MetaMask) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-04-20] CHR Extension: (Chrome 
Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-17] CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-17] CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-04-21] CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-21] CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-21] CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-21] CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-21] CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-21] CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-21] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [349408 2021-12-01] (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2021-10-21] (ASUSTeK Computer Inc. 
-> ASUSTeK Computer Inc.) S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [179488 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-11-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1097624 2022-04-20] (ASUSTeK Computer Inc. -> ) R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438240 2022-04-14] (EXPRSVPN LLC -> ExpressVPN) R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3683496 2021-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8347832 2022-04-21] (Malwarebytes Inc -> Malwarebytes) R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [6108336 2022-02-14] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) 
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14865896 2022-04-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43192 2021-09-16] (ASUSTeK Computer Inc. -> )
R3 AX88772; C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2021-06-05] (Microsoft Windows -> ASIX Electronics Corp.)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [30728 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [103888 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-04-14] (ExprsVPN LLC -> ExpressVPN) R3 expressvpntun; C:\Windows\System32\drivers\expressvpn-tun.sys [46896 2022-03-02] (Express VPN International Ltd. -> ExpressVPN) S3 Hsp; C:\Windows\System32\drivers\Hsp.sys [110904 2022-03-17] (Microsoft Windows -> Microsoft Corporation) R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [46728 2022-01-28] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.) R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193992 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [70072 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [158856 2022-04-21] (Malwarebytes Inc -> Malwarebytes) R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [61496 2022-03-02] (ExprsVPN LLC -> The OpenVPN Project) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49600 2022-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [443664 
2022-04-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-07] (Microsoft Windows -> Microsoft Corporation) S3 cpuz152; \??\C:\Windows\temp\cpuz152\cpuz152_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three months (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-04-21 17:10 - 2022-04-21 17:10 - 000019681 _____ C:\Users\chris\Downloads\FRST.txt 2022-04-21 17:09 - 2022-04-21 17:10 - 000000000 ____D C:\FRST 2022-04-21 17:08 - 2022-04-21 17:08 - 002366464 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe 2022-04-21 16:59 - 2022-04-21 16:59 - 000193992 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2022-04-21 16:59 - 2022-04-21 16:59 - 000158856 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2022-04-21 16:59 - 2022-04-21 16:59 - 000070072 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2022-04-21 16:55 - 2022-04-21 16:59 - 000000000 ____D C:\Users\chris\AppData\Local\mbam 2022-04-21 16:54 - 2022-04-21 16:54 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2022-04-21 16:54 - 2022-04-21 16:54 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2022-04-21 16:54 - 2022-04-21 16:54 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2022-04-21 16:54 - 2022-04-21 16:54 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2022-04-21 16:54 - 2022-04-21 16:54 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2022-04-21 16:54 - 2022-04-21 16:54 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2022-04-21 16:53 - 2022-04-21 16:53 - 002443448 _____ (Malwarebytes) 
C:\Users\chris\Downloads\MBSetup.exe 2022-04-21 16:53 - 2022-04-21 16:53 - 000000000 ____D C:\ProgramData\Malwarebytes 2022-04-21 16:53 - 2022-04-21 16:53 - 000000000 ____D C:\Program Files\Malwarebytes 2022-04-21 16:41 - 2022-04-21 16:41 - 000002390 _____ C:\Users\chris\Desktop\John - Chrome.lnk 2022-04-20 22:15 - 2022-04-21 17:10 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-04-20 22:15 - 2022-04-21 17:01 - 000000000 ____D C:\Users\chris\AppData\LocalLow\Mozilla 2022-04-20 22:15 - 2022-04-20 22:15 - 000336376 _____ (Mozilla) C:\Users\chris\Downloads\Firefox Installer.exe 2022-04-20 22:15 - 2022-04-20 22:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-04-20 22:15 - 2022-04-20 22:15 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk 2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Users\chris\AppData\Roaming\Mozilla 2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Users\chris\AppData\Local\Mozilla 2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-04-20 21:47 - 2022-04-20 21:47 - 000000000 ____D C:\Users\chris\Downloads\R7000-V1.0.11.134_10.2.119 2022-04-20 21:42 - 2022-04-20 21:42 - 031728435 _____ C:\Users\chris\Downloads\R7000-V1.0.11.134_10.2.119.zip 2022-04-20 20:30 - 2022-04-20 20:30 - 038642072 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.23.0.6_release.exe 2022-04-20 20:22 - 2022-04-20 20:23 - 000000000 ____D C:\Users\chris\AppData\Local\TeamViewer 2022-04-20 20:22 - 2022-04-20 20:22 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk 2022-04-20 20:22 - 2022-04-20 20:22 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer.lnk 2022-04-20 20:22 - 2022-04-20 20:22 - 000000000 
____D C:\Users\chris\AppData\Roaming\TeamViewer 2022-04-20 20:21 - 2022-04-20 22:43 - 000000000 ____D C:\Program Files\TeamViewer 2022-04-20 20:17 - 2022-04-20 20:17 - 035963456 _____ (TeamViewer Germany GmbH) C:\Users\chris\Downloads\TeamViewer_Setup_x64.exe 2022-04-20 20:16 - 2022-04-20 20:16 - 000000000 ____D C:\ProgramData\LogMeInLogs 2022-04-20 20:15 - 2022-04-20 20:20 - 000000000 ____D C:\Users\chris\AppData\Roaming\GoToMyPC 2022-04-20 20:15 - 2022-04-20 20:15 - 000000000 ____D C:\ProgramData\GoToMyPC 2022-04-20 20:15 - 2022-04-05 10:56 - 000199072 _____ (LogMeIn, Inc.) C:\Windows\system32\gotomon_x64.dll 2022-04-20 20:15 - 2022-04-05 10:43 - 000047696 _____ (LogMeIn, Inc) C:\Windows\system32\Drivers\monblanking.sys 2022-04-13 16:02 - 2022-04-13 16:02 - 002550832 _____ (The ICU Project) C:\Windows\system32\icu.dll 2022-04-13 16:02 - 2022-04-13 16:02 - 002080992 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll 2022-04-13 16:02 - 2022-04-13 16:02 - 000372736 _____ C:\Windows\system32\hwreqchk.dll 2022-04-13 16:02 - 2022-04-13 16:02 - 000069632 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2022-04-13 16:02 - 2022-04-13 16:02 - 000032768 _____ C:\Windows\system32\agentactivationruntimestarter.exe 2022-04-13 16:02 - 2022-04-13 16:02 - 000015192 _____ C:\Windows\system32\DrtmAuthTxt.wim 2022-04-13 16:01 - 2022-04-13 16:01 - 000000000 ___HD C:\$WinREAgent 2022-04-10 21:35 - 2022-04-10 21:35 - 000001082 _____ C:\Users\Public\Desktop\Burning Crusade Classic.lnk 2022-04-10 21:35 - 2022-04-10 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burning Crusade Classic 2022-04-06 19:46 - 2022-04-06 19:46 - 000000000 ____D C:\Users\chris\AppData\Local\NVIDIA Corporation 2022-04-04 13:35 - 2022-04-20 20:30 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk 2022-04-04 13:35 - 2022-04-20 20:30 - 000002160 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2022-04-04 13:35 - 2022-04-04 13:35 - 038531800 _____ 
(ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.21.0.9_release.exe 2022-03-21 22:42 - 2022-03-21 22:42 - 000001066 _____ C:\Users\Public\Desktop\World of Warcraft.lnk 2022-03-21 22:42 - 2022-03-21 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2022-03-21 22:38 - 2022-04-10 21:51 - 000000000 ____D C:\Program Files (x86)\World of Warcraft 2022-03-21 22:36 - 2022-04-21 16:27 - 000000000 ____D C:\Users\chris\AppData\Local\Battle.net 2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\Users\chris\AppData\Roaming\Battle.net 2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\Users\chris\AppData\Local\CEF 2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\ProgramData\Blizzard Entertainment 2022-03-21 22:35 - 2022-04-17 09:13 - 000000000 ____D C:\Program Files (x86)\Battle.net 2022-03-21 22:35 - 2022-03-21 22:35 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup (2).exe 2022-03-21 22:35 - 2022-03-21 22:35 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk 2022-03-21 22:35 - 2022-03-21 22:35 - 000000000 ____D C:\Users\chris\AppData\Local\Blizzard Entertainment 2022-03-21 22:35 - 2022-03-21 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2022-03-21 22:34 - 2022-03-21 22:34 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup (1).exe 2022-03-18 22:39 - 2018-10-16 22:57 - 000131744 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_GPIO2.sys 2022-03-17 14:42 - 2022-03-21 22:35 - 000000000 ____D C:\ProgramData\Battle.net 2022-03-17 14:42 - 2022-03-17 14:42 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup.exe 2022-03-17 12:45 - 2022-04-20 20:23 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3499411280-506982931-862582420-1001 2022-03-17 12:43 - 2022-03-17 12:43 - 000000000 ____D 
C:\Windows\system32\HealthAttestationClient 2022-03-17 12:42 - 2022-03-20 14:19 - 000000000 ____D C:\Windows\Panther 2022-03-17 12:41 - 2022-03-17 12:41 - 038477008 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.20.0.6_release (1).exe 2022-03-17 12:39 - 2022-04-20 20:30 - 000000000 ____D C:\Program Files (x86)\ExpressVPN 2022-03-17 12:39 - 2022-04-04 18:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2022-03-17 12:39 - 2022-03-17 12:41 - 000000000 ____D C:\Users\chris\AppData\Local\ExpressVPN 2022-03-17 12:39 - 2022-03-17 12:39 - 000000000 ____D C:\ProgramData\ExpressVPN 2022-03-17 12:38 - 2022-03-17 12:38 - 038477008 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.20.0.6_release.exe 2022-03-17 12:36 - 2022-03-17 12:36 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe 2022-03-17 12:35 - 2022-03-17 12:35 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe 2022-03-17 12:35 - 2022-03-17 12:35 - 000339968 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000339968 _____ C:\Windows\system32\pku2u.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000311296 _____ C:\Windows\system32\EsclScan.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000247808 _____ C:\Windows\SysWOW64\pku2u.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000210432 _____ C:\Windows\system32\CloudIdWxhExtension.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000188416 _____ C:\Windows\system32\EsclProtocol.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000077824 _____ C:\Windows\system32\APMonUI.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000040960 _____ C:\Windows\system32\prxyqry.dll 2022-03-17 12:35 - 2022-03-17 12:35 - 000013824 _____ C:\Windows\SysWOW64\prxyqry.dll 2022-03-17 12:31 - 2022-04-21 16:42 - 000000000 ____D C:\Program Files (x86)\Google 2022-03-17 12:31 - 2022-04-20 20:37 - 000003496 _____ 
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{499318E1-1926-41EC-8DF5-7BA6AD80AB51} 2022-03-17 12:31 - 2022-04-20 20:37 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{5D8B878E-E610-4C05-933E-B027163A4A1D} 2022-03-17 12:31 - 2022-04-15 18:18 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-03-17 12:31 - 2022-04-15 18:18 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-03-17 12:31 - 2022-03-17 12:41 - 000000000 ____D C:\Users\chris\AppData\Local\Google 2022-03-17 12:31 - 2022-03-17 12:31 - 001343320 _____ (Google LLC) C:\Users\chris\Downloads\ChromeSetup (1).exe 2022-03-17 12:31 - 2022-03-17 12:31 - 000000000 ____D C:\Program Files\Google 2022-03-17 12:30 - 2022-04-13 01:23 - 000000000 ____D C:\Windows\system32\MRT 2022-03-17 12:30 - 2022-03-17 12:30 - 001343320 _____ (Google LLC) C:\Users\chris\Downloads\ChromeSetup.exe 2022-03-17 12:04 - 2022-03-17 12:04 - 000000000 ____D C:\Users\chris\AppData\Local\Comms 2022-03-17 12:04 - 2022-03-17 12:04 - 000000000 ____D C:\Users\chris\AppData\Local\ASUS 2022-03-17 12:03 - 2022-03-17 12:04 - 000000000 ____D C:\Program Files (x86)\LightingService 2022-03-17 12:02 - 2022-03-17 12:04 - 000000000 ____D C:\Program Files\ASUS 2022-03-17 12:02 - 2022-03-17 12:02 - 000030728 _____ (Creative Technology Innovation Co., LTd.) 
C:\Windows\system32\Drivers\CtiIo64.sys 2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\PHISON 2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\PD 2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\Patriot 2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\ENE 2022-03-17 12:02 - 2021-10-21 11:01 - 000120880 _____ C:\Windows\system32\AsIO2.dll 2022-03-17 12:02 - 2021-10-21 11:01 - 000095280 _____ C:\Windows\SysWOW64\AsIO2.dll 2022-03-17 12:02 - 2021-10-21 11:01 - 000034384 _____ C:\Windows\system32\Drivers\AsIO2.sys 2022-03-17 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys 2022-03-17 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.old 2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ____D C:\Windows\system32\Tasks\ASUS 2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ____D C:\Users\chris\AppData\Local\AcSdkInsLog 2022-03-17 11:59 - 2022-04-20 20:30 - 000000000 ____D C:\ProgramData\Package Cache 2022-03-17 11:59 - 2022-03-17 13:44 - 000000000 ____D C:\Users\chris\AppData\Local\PlaceholderTileLogoFolder 2022-03-17 11:59 - 2022-03-17 12:01 - 000000087 _____ C:\Windows\skipsavetoini 2022-03-17 11:59 - 2022-01-28 10:38 - 000046728 ____N (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys 2022-03-17 11:59 - 2021-09-16 16:25 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\Windows\system32\AsIO3.dll 2022-03-17 11:59 - 2021-09-16 16:25 - 000123744 _____ (©ASUSTeK Computer Inc.) 
C:\Windows\SysWOW64\AsIO3.dll 2022-03-17 11:59 - 2021-09-16 16:25 - 000043192 _____ C:\Windows\system32\Drivers\AsIO3.sys 2022-03-17 11:58 - 2022-04-20 20:23 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3499411280-506982931-862582420-1001 2022-03-17 11:58 - 2022-04-20 20:23 - 000002379 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-03-17 11:58 - 2022-04-13 16:42 - 000000000 ____D C:\Program Files (x86)\ASUS 2022-03-17 11:58 - 2022-03-20 19:33 - 000000000 ____D C:\Users\chris\AppData\Local\VirtualStore 2022-03-17 11:58 - 2022-03-17 12:45 - 000000000 ___RD C:\Users\chris\OneDrive 2022-03-17 11:58 - 2022-03-17 11:58 - 001189784 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\AsusDownloadAgent.exe 2022-03-17 11:58 - 2022-03-17 11:58 - 000378376 _____ C:\Windows\system32\syncas.dll 2022-03-17 11:58 - 2022-03-17 11:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2022-03-17 11:56 - 2022-04-21 16:26 - 000000000 ____D C:\Users\chris\AppData\Local\D3DSCache 2022-03-17 11:56 - 2022-04-13 23:23 - 000000000 ____D C:\Users\chris\AppData\Local\Packages 2022-03-17 11:56 - 2022-04-07 06:41 - 000000000 ____D C:\Users\chris 2022-03-17 11:56 - 2022-03-17 11:58 - 000333224 _____ () C:\Windows\system32\AsusDownLoadLicense.exe 2022-03-17 11:56 - 2022-03-17 11:56 - 000000020 ___SH C:\Users\chris\ntuser.ini 2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Roaming\Adobe 2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Local\Publishers 2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Local\ConnectedDevicesPlatform 2022-03-17 11:56 - 2021-06-05 05:04 - 000001281 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk 2022-03-17 11:56 - 2021-06-05 05:04 - 000000407 _____ 
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk 2022-03-17 11:50 - 2022-04-20 20:23 - 000803404 _____ C:\Windows\system32\PerfStringBackup.INI 2022-03-17 11:50 - 2022-03-20 13:56 - 000000000 ____D C:\ProgramData\Packages 2022-03-17 11:50 - 2022-03-17 14:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2022-03-17 11:50 - 2022-03-17 11:50 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation 2022-03-17 11:50 - 2022-03-17 11:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2022-03-17 11:49 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2022-03-17 11:49 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe 2022-03-17 11:49 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2022-03-17 11:49 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2022-03-17 11:49 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2022-03-17 11:49 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1.dll 2022-03-17 11:49 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2022-03-17 11:49 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 001023216 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 000673520 _____ C:\Windows\system32\nvofapi64.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2022-03-17 11:49 - 2020-10-07 13:34 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 007707544 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcuvid.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 006860184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 004174064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 002508528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 002098072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 001507224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 001161112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 000657304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2022-03-17 11:49 - 2020-10-07 13:33 - 000589208 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe 2022-03-17 11:49 - 2020-10-07 13:33 - 000445848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe 2022-03-17 11:49 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2022-03-17 11:49 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll 2022-03-17 11:49 - 2020-10-07 13:32 - 005519600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2022-03-17 11:49 - 2020-10-07 13:32 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe 2022-03-17 11:49 - 2020-10-07 13:29 - 007001536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2022-03-17 11:49 - 2020-10-07 13:29 - 005972824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2022-03-17 11:49 - 2020-10-07 13:11 - 000080930 _____ C:\Windows\system32\nvinfo.pb 2022-03-17 11:44 - 2022-03-17 11:44 - 
000000000 _SHDL C:\Documents and Settings 2022-03-17 11:43 - 2022-04-20 20:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2022-03-17 11:43 - 2022-04-17 09:14 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-03-17 11:43 - 2022-04-17 09:14 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-03-17 11:43 - 2022-04-13 16:42 - 000000000 ____D C:\ProgramData\ASUS 2022-03-17 11:43 - 2022-04-07 17:08 - 000000000 ____D C:\Windows\system32\Drivers\wd 2022-03-17 11:43 - 2022-04-06 19:01 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-03-17 11:43 - 2022-04-06 19:01 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-03-17 11:42 - 2022-04-20 20:16 - 001136496 _____ C:\Windows\system32\wpbbin.exe 2022-03-17 11:42 - 2022-04-20 20:16 - 001097624 _____ C:\Windows\system32\AsusUpdateCheck.exe 2022-03-17 11:42 - 2022-04-20 20:16 - 000012288 ___SH C:\DumpStack.log.tmp 2022-03-17 11:42 - 2022-04-20 19:53 - 000000000 ____D C:\Windows\system32\SleepStudy 2022-03-17 11:42 - 2022-04-13 22:24 - 000292696 _____ C:\Windows\system32\FNTCACHE.DAT 2022-03-17 11:42 - 2022-03-17 11:42 - 000000000 ____D C:\Windows\ServiceProfiles 2022-03-02 01:14 - 2022-03-02 01:14 - 000061496 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapexpressvpn.sys 2022-03-02 01:14 - 2022-03-02 01:14 - 000046896 _____ (ExpressVPN) C:\Windows\system32\Drivers\expressvpn-tun.sys ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2022-04-21 16:59 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SystemTemp 2022-04-21 16:54 - 2021-06-05 05:10 - 000000000 ___HD C:\Windows\ELAMBKUP 2022-04-21 16:34 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-04-21 16:24 - 2021-06-05 05:10 - 000000000 ___HD C:\Program Files\WindowsApps 2022-04-21 16:24 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\AppReadiness 2022-04-20 20:36 - 2021-06-05 05:09 - 000000000 ____D C:\Windows\INF 2022-04-20 20:15 - 2021-06-05 05:01 - 000524288 _____ C:\Windows\system32\config\BBI 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SystemResources 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\vi-VN 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\oobe 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\eu-ES 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\appraiser 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\ShellExperiences 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\DiagTrack 2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\bcastdvr 2022-04-13 19:20 - 2021-06-05 05:01 - 000000000 ____D C:\Windows\CbsTemp 2022-03-24 17:18 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\LiveKernelReports ==================== SigCheckExt ========================= 2022-04-21 17:08 - 2022-04-21 17:08 - 002366464 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {6cbdeb50-a629-11ec-9aa5-9f896549f7ba} {6179611b-c121-11ec-a3c6-3c8cf8f60d30} {6179611c-c121-11ec-a3c6-3c8cf8f60d30} {6179611d-c121-11ec-a3c6-3c8cf8f60d30} timeout 1 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {6cbdeb51-a629-11ec-9aa5-9f896549f7ba} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {6179611b-c121-11ec-a3c6-3c8cf8f60d30} description UEFI:CD/DVD Drive Firmware Application (101fffff) ------------------------------- identifier {6179611c-c121-11ec-a3c6-3c8cf8f60d30} description UEFI:Removable Device Firmware Application (101fffff) ------------------------------- identifier {6179611d-c121-11ec-a3c6-3c8cf8f60d30} description UEFI:Network Device Firmware Application (101fffff) ------------------------------- identifier {6cbdeb50-a629-11ec-9aa5-9f896549f7ba} description UEFI: ASUS DRW-24B1ST j Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.efi description Windows 11 locale en-US inherit {bootloadersettings} recoverysequence {6cbdeb53-a629-11ec-9aa5-9f896549f7ba} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {6cbdeb51-a629-11ec-9aa5-9f896549f7ba} nx OptIn bootmenupolicy Standard Windows Boot Loader ------------------- identifier {6cbdeb53-a629-11ec-9aa5-9f896549f7ba} device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{6cbdeb54-a629-11ec-9aa5-9f896549f7ba} path \windows\system32\winload.efi description Windows Recovery Environment locale 
en-us inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{6cbdeb54-a629-11ec-9aa5-9f896549f7ba} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {6cbdeb51-a629-11ec-9aa5-9f896549f7ba} device partition=C: path \Windows\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {6cbdeb53-a629-11ec-9aa5-9f896549f7ba} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: custom:21000026 partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Local RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {6cbdeb54-a629-11ec-9aa5-9f896549f7ba} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== End of FRST.txt ========================