wi-fi hacked possible malware

Thanks!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2022 01
Ran by chris (administrator) on DESKTOP-PKUDR23 (21-04-2022 17:10:02)
Running from C:\Users\chris\Downloads
Loaded Profiles: chris
Platform: Microsoft Windows 11 Home Version 21H2 22000.613 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\lightway.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(cmd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpn-browser-helper.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.44\msedgewebview2.exe <6>
(explorer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <24>
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <4>
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.5.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [379352 2022-04-14] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1088456 2022-04-15] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [852960 2022-04-14] (EXPRSVPN LLC -> ExpressVPN)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-15] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0123ABD3-0C72-4228-9E21-D3EC3D21483E} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2196448 2022-01-24] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {04183830-523F-4674-B99D-AFDD188ADF1E} - System32\Tasks\GoogleUpdateTaskMachineCore{5D8B878E-E610-4C05-933E-B027163A4A1D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-17] (Google LLC -> Google LLC)
Task: {059DF40B-2B09-445B-91EC-671F7017BF8B} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [294880 2022-01-24] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {0C7424FB-65EE-425E-AF27-5632E234B907} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d83a3164357d71 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {2119AFFC-2455-423B-A3CB-2A1F88D9087C} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [43022856 2022-01-11] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {730D5D38-8299-469A-8DED-E128ACC35465} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {76D7AA3A-DC9B-4B67-B405-07FA5AFD1920} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {8D15B454-0CD0-4A00-B6F7-2E0A2E7372D8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D79376AF-2BB4-45A1-B662-F0D12AAC261E} - System32\Tasks\GoogleUpdateTaskMachineUA{499318E1-1926-41EC-8DF5-7BA6AD80AB51} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-17] (Google LLC -> Google LLC)
Task: {F9C98A47-EAF5-499A-9613-4000C75630E3} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241960 2021-11-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {F9D4C138-149B-4D02-A78F-2C92CB6ECDEA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{30b021af-034e-4d02-9e1e-98fb35892ccf}: [NameServer] 10.20.0.1
Tcpip\..\Interfaces\{34ad31da-071f-44e8-8f42-fdf80c6fcc9a}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Profile: C:\Users\chris\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-20]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 5e4fvr75.default
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\5e4fvr75.default [2022-04-20]
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\a6efzyo7.default-release [2022-04-21]

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2022-04-21]
CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-17]
CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-17]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-03-22]
CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-17]
CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2022-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-20]
CHR Extension: (MetaMask) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-17]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-17]
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-04-21]
CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-21]
CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-21]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-21]
CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-21]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-21]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [349408 2021-12-01] (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [179488 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-11-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2022-03-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1097624 2022-04-20] (ASUSTeK Computer Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438240 2022-04-14] (EXPRSVPN LLC -> ExpressVPN)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3683496 2021-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8347832 2022-04-21] (Malwarebytes Inc -> Malwarebytes)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [6108336 2022-02-14] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14865896 2022-04-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43192 2021-09-16] (ASUSTeK Computer Inc. -> )
R3 AX88772; C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2021-06-05] (Microsoft Windows -> ASIX Electronics Corp.)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [30728 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [103888 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-04-14] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\Windows\System32\drivers\expressvpn-tun.sys [46896 2022-03-02] (Express VPN International Ltd. -> ExpressVPN)
S3 Hsp; C:\Windows\System32\drivers\Hsp.sys [110904 2022-03-17] (Microsoft Windows -> Microsoft Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [46728 2022-01-28] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193992 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [70072 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [158856 2022-04-21] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [61496 2022-03-02] (ExprsVPN LLC -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49600 2022-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [443664 2022-04-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-07] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz152; \??\C:\Windows\temp\cpuz152\cpuz152_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-21 17:10 - 2022-04-21 17:10 - 000019681 _____ C:\Users\chris\Downloads\FRST.txt
2022-04-21 17:09 - 2022-04-21 17:10 - 000000000 ____D C:\FRST
2022-04-21 17:08 - 2022-04-21 17:08 - 002366464 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2022-04-21 16:59 - 2022-04-21 16:59 - 000193992 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-04-21 16:59 - 2022-04-21 16:59 - 000158856 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-04-21 16:59 - 2022-04-21 16:59 - 000070072 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-04-21 16:55 - 2022-04-21 16:59 - 000000000 ____D C:\Users\chris\AppData\Local\mbam
2022-04-21 16:54 - 2022-04-21 16:54 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-04-21 16:54 - 2022-04-21 16:54 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-04-21 16:54 - 2022-04-21 16:54 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-04-21 16:54 - 2022-04-21 16:54 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-04-21 16:54 - 2022-04-21 16:54 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-21 16:54 - 2022-04-21 16:54 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-21 16:53 - 2022-04-21 16:53 - 002443448 _____ (Malwarebytes) C:\Users\chris\Downloads\MBSetup.exe
2022-04-21 16:53 - 2022-04-21 16:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-21 16:53 - 2022-04-21 16:53 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-21 16:41 - 2022-04-21 16:41 - 000002390 _____ C:\Users\chris\Desktop\John - Chrome.lnk
2022-04-20 22:15 - 2022-04-21 17:10 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-20 22:15 - 2022-04-21 17:01 - 000000000 ____D C:\Users\chris\AppData\LocalLow\Mozilla
2022-04-20 22:15 - 2022-04-20 22:15 - 000336376 _____ (Mozilla) C:\Users\chris\Downloads\Firefox Installer.exe
2022-04-20 22:15 - 2022-04-20 22:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-20 22:15 - 2022-04-20 22:15 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Users\chris\AppData\Roaming\Mozilla
2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Users\chris\AppData\Local\Mozilla
2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-20 22:15 - 2022-04-20 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-20 21:47 - 2022-04-20 21:47 - 000000000 ____D C:\Users\chris\Downloads\R7000-V1.0.11.134_10.2.119
2022-04-20 21:42 - 2022-04-20 21:42 - 031728435 _____ C:\Users\chris\Downloads\R7000-V1.0.11.134_10.2.119.zip
2022-04-20 20:30 - 2022-04-20 20:30 - 038642072 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.23.0.6_release.exe
2022-04-20 20:22 - 2022-04-20 20:23 - 000000000 ____D C:\Users\chris\AppData\Local\TeamViewer
2022-04-20 20:22 - 2022-04-20 20:22 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2022-04-20 20:22 - 2022-04-20 20:22 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2022-04-20 20:22 - 2022-04-20 20:22 - 000000000 ____D C:\Users\chris\AppData\Roaming\TeamViewer
2022-04-20 20:21 - 2022-04-20 22:43 - 000000000 ____D C:\Program Files\TeamViewer
2022-04-20 20:17 - 2022-04-20 20:17 - 035963456 _____ (TeamViewer Germany GmbH) C:\Users\chris\Downloads\TeamViewer_Setup_x64.exe
2022-04-20 20:16 - 2022-04-20 20:16 - 000000000 ____D C:\ProgramData\LogMeInLogs
2022-04-20 20:15 - 2022-04-20 20:20 - 000000000 ____D C:\Users\chris\AppData\Roaming\GoToMyPC
2022-04-20 20:15 - 2022-04-20 20:15 - 000000000 ____D C:\ProgramData\GoToMyPC
2022-04-20 20:15 - 2022-04-05 10:56 - 000199072 _____ (LogMeIn, Inc.) C:\Windows\system32\gotomon_x64.dll
2022-04-20 20:15 - 2022-04-05 10:43 - 000047696 _____ (LogMeIn, Inc) C:\Windows\system32\Drivers\monblanking.sys
2022-04-13 16:02 - 2022-04-13 16:02 - 002550832 _____ (The ICU Project) C:\Windows\system32\icu.dll
2022-04-13 16:02 - 2022-04-13 16:02 - 002080992 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2022-04-13 16:02 - 2022-04-13 16:02 - 000372736 _____ C:\Windows\system32\hwreqchk.dll
2022-04-13 16:02 - 2022-04-13 16:02 - 000069632 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-04-13 16:02 - 2022-04-13 16:02 - 000032768 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2022-04-13 16:02 - 2022-04-13 16:02 - 000015192 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-04-13 16:01 - 2022-04-13 16:01 - 000000000 ___HD C:\$WinREAgent
2022-04-10 21:35 - 2022-04-10 21:35 - 000001082 _____ C:\Users\Public\Desktop\Burning Crusade Classic.lnk
2022-04-10 21:35 - 2022-04-10 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burning Crusade Classic
2022-04-06 19:46 - 2022-04-06 19:46 - 000000000 ____D C:\Users\chris\AppData\Local\NVIDIA Corporation
2022-04-04 13:35 - 2022-04-20 20:30 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2022-04-04 13:35 - 2022-04-20 20:30 - 000002160 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2022-04-04 13:35 - 2022-04-04 13:35 - 038531800 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.21.0.9_release.exe
2022-03-21 22:42 - 2022-03-21 22:42 - 000001066 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2022-03-21 22:42 - 2022-03-21 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2022-03-21 22:38 - 2022-04-10 21:51 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2022-03-21 22:36 - 2022-04-21 16:27 - 000000000 ____D C:\Users\chris\AppData\Local\Battle.net
2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\Users\chris\AppData\Roaming\Battle.net
2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\Users\chris\AppData\Local\CEF
2022-03-21 22:36 - 2022-03-21 22:36 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2022-03-21 22:35 - 2022-04-17 09:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-03-21 22:35 - 2022-03-21 22:35 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup (2).exe
2022-03-21 22:35 - 2022-03-21 22:35 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-03-21 22:35 - 2022-03-21 22:35 - 000000000 ____D C:\Users\chris\AppData\Local\Blizzard Entertainment
2022-03-21 22:35 - 2022-03-21 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-03-21 22:34 - 2022-03-21 22:34 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup (1).exe
2022-03-18 22:39 - 2018-10-16 22:57 - 000131744 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_GPIO2.sys
2022-03-17 14:42 - 2022-03-21 22:35 - 000000000 ____D C:\ProgramData\Battle.net
2022-03-17 14:42 - 2022-03-17 14:42 - 004837816 _____ (Blizzard Entertainment) C:\Users\chris\Downloads\Battle.net-Setup.exe
2022-03-17 12:45 - 2022-04-20 20:23 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3499411280-506982931-862582420-1001
2022-03-17 12:43 - 2022-03-17 12:43 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2022-03-17 12:42 - 2022-03-20 14:19 - 000000000 ____D C:\Windows\Panther
2022-03-17 12:41 - 2022-03-17 12:41 - 038477008 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.20.0.6_release (1).exe
2022-03-17 12:39 - 2022-04-20 20:30 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2022-03-17 12:39 - 2022-04-04 18:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-17 12:39 - 2022-03-17 12:41 - 000000000 ____D C:\Users\chris\AppData\Local\ExpressVPN
2022-03-17 12:39 - 2022-03-17 12:39 - 000000000 ____D C:\ProgramData\ExpressVPN
2022-03-17 12:38 - 2022-03-17 12:38 - 038477008 _____ (ExpressVPN) C:\Users\chris\Downloads\expressvpn_windows_10.20.0.6_release.exe
2022-03-17 12:36 - 2022-03-17 12:36 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-03-17 12:35 - 2022-03-17 12:35 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-03-17 12:35 - 2022-03-17 12:35 - 000339968 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000339968 _____ C:\Windows\system32\pku2u.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000311296 _____ C:\Windows\system32\EsclScan.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000247808 _____ C:\Windows\SysWOW64\pku2u.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000210432 _____ C:\Windows\system32\CloudIdWxhExtension.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000188416 _____ C:\Windows\system32\EsclProtocol.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000077824 _____ C:\Windows\system32\APMonUI.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000040960 _____ C:\Windows\system32\prxyqry.dll
2022-03-17 12:35 - 2022-03-17 12:35 - 000013824 _____ C:\Windows\SysWOW64\prxyqry.dll
2022-03-17 12:31 - 2022-04-21 16:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-17 12:31 - 2022-04-20 20:37 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{499318E1-1926-41EC-8DF5-7BA6AD80AB51}
2022-03-17 12:31 - 2022-04-20 20:37 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{5D8B878E-E610-4C05-933E-B027163A4A1D}
2022-03-17 12:31 - 2022-04-15 18:18 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-17 12:31 - 2022-04-15 18:18 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-17 12:31 - 2022-03-17 12:41 - 000000000 ____D C:\Users\chris\AppData\Local\Google
2022-03-17 12:31 - 2022-03-17 12:31 - 001343320 _____ (Google LLC) C:\Users\chris\Downloads\ChromeSetup (1).exe
2022-03-17 12:31 - 2022-03-17 12:31 - 000000000 ____D C:\Program Files\Google
2022-03-17 12:30 - 2022-04-13 01:23 - 000000000 ____D C:\Windows\system32\MRT
2022-03-17 12:30 - 2022-03-17 12:30 - 001343320 _____ (Google LLC) C:\Users\chris\Downloads\ChromeSetup.exe
2022-03-17 12:04 - 2022-03-17 12:04 - 000000000 ____D C:\Users\chris\AppData\Local\Comms
2022-03-17 12:04 - 2022-03-17 12:04 - 000000000 ____D C:\Users\chris\AppData\Local\ASUS
2022-03-17 12:03 - 2022-03-17 12:04 - 000000000 ____D C:\Program Files (x86)\LightingService
2022-03-17 12:02 - 2022-03-17 12:04 - 000000000 ____D C:\Program Files\ASUS
2022-03-17 12:02 - 2022-03-17 12:02 - 000030728 _____ (Creative Technology Innovation Co., LTd.) C:\Windows\system32\Drivers\CtiIo64.sys
2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\PHISON
2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\PD
2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\Patriot
2022-03-17 12:02 - 2022-03-17 12:02 - 000000000 ____D C:\Program Files\ENE
2022-03-17 12:02 - 2021-10-21 11:01 - 000120880 _____ C:\Windows\system32\AsIO2.dll
2022-03-17 12:02 - 2021-10-21 11:01 - 000095280 _____ C:\Windows\SysWOW64\AsIO2.dll
2022-03-17 12:02 - 2021-10-21 11:01 - 000034384 _____ C:\Windows\system32\Drivers\AsIO2.sys
2022-03-17 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys
2022-03-17 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.old
2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ____D C:\Windows\system32\Tasks\ASUS
2022-03-17 12:01 - 2022-03-17 12:03 - 000000000 ____D C:\Users\chris\AppData\Local\AcSdkInsLog
2022-03-17 11:59 - 2022-04-20 20:30 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-17 11:59 - 2022-03-17 13:44 - 000000000 ____D C:\Users\chris\AppData\Local\PlaceholderTileLogoFolder
2022-03-17 11:59 - 2022-03-17 12:01 - 000000087 _____ C:\Windows\skipsavetoini
2022-03-17 11:59 - 2022-01-28 10:38 - 000046728 ____N (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2022-03-17 11:59 - 2021-09-16 16:25 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\Windows\system32\AsIO3.dll
2022-03-17 11:59 - 2021-09-16 16:25 - 000123744 _____ (©ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsIO3.dll
2022-03-17 11:59 - 2021-09-16 16:25 - 000043192 _____ C:\Windows\system32\Drivers\AsIO3.sys
2022-03-17 11:58 - 2022-04-20 20:23 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3499411280-506982931-862582420-1001
2022-03-17 11:58 - 2022-04-20 20:23 - 000002379 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-17 11:58 - 2022-04-13 16:42 - 000000000 ____D C:\Program Files (x86)\ASUS
2022-03-17 11:58 - 2022-03-20 19:33 - 000000000 ____D C:\Users\chris\AppData\Local\VirtualStore
2022-03-17 11:58 - 2022-03-17 12:45 - 000000000 ___RD C:\Users\chris\OneDrive
2022-03-17 11:58 - 2022-03-17 11:58 - 001189784 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\AsusDownloadAgent.exe
2022-03-17 11:58 - 2022-03-17 11:58 - 000378376 _____ C:\Windows\system32\syncas.dll
2022-03-17 11:58 - 2022-03-17 11:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-03-17 11:56 - 2022-04-21 16:26 - 000000000 ____D C:\Users\chris\AppData\Local\D3DSCache
2022-03-17 11:56 - 2022-04-13 23:23 - 000000000 ____D C:\Users\chris\AppData\Local\Packages
2022-03-17 11:56 - 2022-04-07 06:41 - 000000000 ____D C:\Users\chris
2022-03-17 11:56 - 2022-03-17 11:58 - 000333224 _____ () C:\Windows\system32\AsusDownLoadLicense.exe
2022-03-17 11:56 - 2022-03-17 11:56 - 000000020 ___SH C:\Users\chris\ntuser.ini
2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Roaming\Adobe
2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Local\Publishers
2022-03-17 11:56 - 2022-03-17 11:56 - 000000000 ____D C:\Users\chris\AppData\Local\ConnectedDevicesPlatform
2022-03-17 11:56 - 2021-06-05 05:04 - 000001281 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-03-17 11:56 - 2021-06-05 05:04 - 000000407 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-03-17 11:50 - 2022-04-20 20:23 - 000803404 _____ C:\Windows\system32\PerfStringBackup.INI
2022-03-17 11:50 - 2022-03-20 13:56 - 000000000 ____D C:\ProgramData\Packages
2022-03-17 11:50 - 2022-03-17 14:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-03-17 11:50 - 2022-03-17 11:50 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-03-17 11:50 - 2022-03-17 11:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-03-17 11:49 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-03-17 11:49 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
2022-03-17 11:49 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-03-17 11:49 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-03-17 11:49 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-03-17 11:49 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1.dll
2022-03-17 11:49 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-03-17 11:49 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 001023216 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 000673520 _____ C:\Windows\system32\nvofapi64.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2022-03-17 11:49 - 2020-10-07 13:34 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 006860184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 004174064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 002508528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 002098072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 001507224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 001161112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 000657304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-03-17 11:49 - 2020-10-07 13:33 - 000589208 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-03-17 11:49 - 2020-10-07 13:33 - 000445848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-03-17 11:49 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-03-17 11:49 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-03-17 11:49 - 2020-10-07 13:32 - 005519600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-03-17 11:49 - 2020-10-07 13:32 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-03-17 11:49 - 2020-10-07 13:29 - 007001536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-03-17 11:49 - 2020-10-07 13:29 - 005972824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-03-17 11:49 - 2020-10-07 13:11 - 000080930 _____ C:\Windows\system32\nvinfo.pb
2022-03-17 11:44 - 2022-03-17 11:44 - 000000000 _SHDL C:\Documents and Settings
2022-03-17 11:43 - 2022-04-20 20:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-17 11:43 - 2022-04-17 09:14 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-17 11:43 - 2022-04-17 09:14 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-17 11:43 - 2022-04-13 16:42 - 000000000 ____D C:\ProgramData\ASUS
2022-03-17 11:43 - 2022-04-07 17:08 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-03-17 11:43 - 2022-04-06 19:01 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-17 11:43 - 2022-04-06 19:01 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-17 11:42 - 2022-04-20 20:16 - 001136496 _____ C:\Windows\system32\wpbbin.exe
2022-03-17 11:42 - 2022-04-20 20:16 - 001097624 _____ C:\Windows\system32\AsusUpdateCheck.exe
2022-03-17 11:42 - 2022-04-20 20:16 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-17 11:42 - 2022-04-20 19:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-03-17 11:42 - 2022-04-13 22:24 - 000292696 _____ C:\Windows\system32\FNTCACHE.DAT
2022-03-17 11:42 - 2022-03-17 11:42 - 000000000 ____D C:\Windows\ServiceProfiles
2022-03-02 01:14 - 2022-03-02 01:14 - 000061496 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapexpressvpn.sys
2022-03-02 01:14 - 2022-03-02 01:14 - 000046896 _____ (ExpressVPN) C:\Windows\system32\Drivers\expressvpn-tun.sys

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-21 16:59 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SystemTemp
2022-04-21 16:54 - 2021-06-05 05:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-04-21 16:34 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-21 16:24 - 2021-06-05 05:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-21 16:24 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\AppReadiness
2022-04-20 20:36 - 2021-06-05 05:09 - 000000000 ____D C:\Windows\INF
2022-04-20 20:15 - 2021-06-05 05:01 - 000524288 _____ C:\Windows\system32\config\BBI
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\SystemResources
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\vi-VN
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\oobe
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\eu-ES
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\system32\appraiser
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\ShellExperiences
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\DiagTrack
2022-04-13 22:23 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\bcastdvr
2022-04-13 19:20 - 2021-06-05 05:01 - 000000000 ____D C:\Windows\CbsTemp
2022-03-24 17:18 - 2021-06-05 05:10 - 000000000 ____D C:\Windows\LiveKernelReports

==================== SigCheckExt =========================

2022-04-21 17:08 - 2022-04-21 17:08 - 002366464 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {6cbdeb50-a629-11ec-9aa5-9f896549f7ba}
                        {6179611b-c121-11ec-a3c6-3c8cf8f60d30}
                        {6179611c-c121-11ec-a3c6-3c8cf8f60d30}
                        {6179611d-c121-11ec-a3c6-3c8cf8f60d30}
timeout                 1

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {6cbdeb51-a629-11ec-9aa5-9f896549f7ba}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {6179611b-c121-11ec-a3c6-3c8cf8f60d30}
description             UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {6179611c-c121-11ec-a3c6-3c8cf8f60d30}
description             UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier              {6179611d-c121-11ec-a3c6-3c8cf8f60d30}
description             UEFI:Network Device

Firmware Application (101fffff)
-------------------------------
identifier              {6cbdeb50-a629-11ec-9aa5-9f896549f7ba}
description             UEFI: ASUS DRW-24B1ST   j

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 11
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {6cbdeb53-a629-11ec-9aa5-9f896549f7ba}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6cbdeb51-a629-11ec-9aa5-9f896549f7ba}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {6cbdeb53-a629-11ec-9aa5-9f896549f7ba}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{6cbdeb54-a629-11ec-9aa5-9f896549f7ba}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{6cbdeb54-a629-11ec-9aa5-9f896549f7ba}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {6cbdeb51-a629-11ec-9aa5-9f896549f7ba}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {6cbdeb53-a629-11ec-9aa5-9f896549f7ba}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
custom:21000026         partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {6cbdeb54-a629-11ec-9aa5-9f896549f7ba}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================


forgot to attach additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01
Ran by chris (21-04-2022 17:11:36)
Running from C:\Users\chris\Downloads
Microsoft Windows 11 Home Version 21H2 22000.613 (X64) (2022-03-17 18:44:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3499411280-506982931-862582420-500 - Administrator - Disabled)
chris (S-1-5-21-3499411280-506982931-862582420-1001 - Administrator - Enabled) => C:\Users\chris
DefaultAccount (S-1-5-21-3499411280-506982931-862582420-503 - Limited - Disabled)
Guest (S-1-5-21-3499411280-506982931-862582420-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3499411280-506982931-862582420-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.0.8 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.43.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{2e3d34f7-20ec-4a4a-bfb6-2c74633e412d}) (Version: 1.1.43.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{c398adfb-d090-4897-8845-baca53f7ecde}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.2.8.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{c289ca16-807e-4373-92c3-29ef5dc2119a}) (Version: 1.2.8.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.11 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.4.8 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{7c01c465-34a9-4e0e-85c1-e54a7c919571}) (Version: 0.0.4.8 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{8bc53c84-d9aa-4cc6-b19c-261f445494dc}) (Version: 2.1.3.0 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.1.3.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 3.00.10 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.79 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.16 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{41a78792-5489-400c-a567-b78d40b8c878}) (Version: 1.1.16 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.21 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.21 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.29 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{abff099e-96f5-4bf4-9c6e-6f435f9f6c55}) (Version: 3.05.29 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version:  - Blizzard Entertainment)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{09239bb1-d62b-4710-991f-f8cf987be42b}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fb849319-e131-4301-9dc9-458db90abe1d}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
ExpressVPN (HKLM-x32\...\{19815e60-96a5-48a7-90a4-ac639eef871a}) (Version: 10.23.0.6 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8773D7837}) (Version: 10.23.0.6 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{2237a879-7fa4-4e21-ae3b-00f6a649b9d9}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3499411280-506982931-862582420-1001\...\OneDriveSetup.exe) (Version: 22.065.0412.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.2 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{fdc098ce-d76c-4e2e-a0a6-01a24e9a1f7d}) (Version: 1.0.9.2 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.5 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{387596e5-692e-4baf-bec2-3338d555df7a}) (Version: 1.0.6.5 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.3.12.0 - ASUSTek COMPUTER INC.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.28.9 - TeamViewer)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.2 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{6870588f-9f28-488b-a169-cf548ad6b393}) (Version: 1.0.0.2 - PD)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.0.11.0_x64__qmba6cd70vzyy [2022-03-17] (ASUSTeK COMPUTER INC.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.27.1.0_x64__6rarf9sa4v8jt [2022-04-20] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-17] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-20] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-21] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\chris\Desktop\John - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2022-01-10 07:36 - 2022-01-10 07:36 - 000515584 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node
2022-01-11 16:52 - 2022-01-11 16:52 - 000479744 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2022-01-11 16:52 - 2022-01-11 16:52 - 000470016 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2022-01-10 07:36 - 2022-01-10 07:36 - 000832512 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node
2022-03-17 12:02 - 2022-01-12 16:43 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-12-23 15:51 - 2021-12-23 15:51 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2022-03-17 12:02 - 2022-04-20 20:16 - 000070400 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.02.12\PEbiosinterface32.dll
2021-12-27 09:03 - 2021-12-27 09:03 - 000046592 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x64\MsIo64_ENE.dll
2021-12-27 09:04 - 2021-12-27 09:04 - 000047104 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\MsIo32_ENE.dll
2022-03-17 12:02 - 2022-01-12 16:43 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2022-03-17 12:02 - 2022-01-12 16:43 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 05:08 - 2021-06-05 05:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3499411280-506982931-862582420-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.20.0.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BE89CB63-5BF1-4C5B-B68E-164699B15D5B}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{5330F032-A48B-4BB4-A48D-891871913116}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{FE472429-D3FB-47CC-911E-D07D13378C0B}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{6F43F44F-3974-4ADE-A72C-FC92DDFDB8E4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{5A05E488-21BA-4F75-B44C-BCD2DAF69A07}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{BFD8F93A-AD15-426E-89B4-3F932D3CFBCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50907806-85F1-4C3D-85FD-32F173EF3EA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{86C2B6EF-DA01-45CE-AAD8-16A2075B49D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FCAAE198-69DF-4D5C-AAEA-FCCF081D9340}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D9EAA6A6-6A2F-488F-BBD2-C28404C2D56A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{292D313D-638B-44FD-B45A-D88CAD192A1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3B4CE323-6E8F-4E89-98D4-F80A0B26B49C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD64D3A6-021D-4D5A-A04F-05A0BE0513E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4DB7C02-2292-47BF-BAC4-D6AABAB58BA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FE5019D9-33F1-4F1E-9C49-65FDB17B2735}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA1EFC5C-9290-4FE2-B542-A733B6D47CE4}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22082.402.1279.2578_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D853E9E-4327-40A3-8A02-50E5CF11E9E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22082.402.1279.2578_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8732421-A735-4D31-9E17-C97445ED9B3A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{639A1E81-B9E4-46A5-9592-52DED2BBBBCA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{524DD617-3EA0-43A2-841C-98746F881B33}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6680ADC5-DB23-4E2A-944A-0635FCAF6D76}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{23535932-AE42-4456-86E2-72550E34F649}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CFCF886D-777F-4D1D-B030-8D1024B741F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

28-03-2022 12:28:18 Scheduled Checkpoint
04-04-2022 13:35:28 ExpressVPN
12-04-2022 13:29:36 Scheduled Checkpoint
13-04-2022 16:00:27 Windows Modules Installer
20-04-2022 20:15:28 Installed GoToMyPC

==================== Faulty Device Manager Devices ============

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/20/2022 08:30:53 PM) (Source: nssm) (EventID: 1045) (User: )
Description: Error attaching to console for service ExpressVPNService.
AttachConsole() failed:
No process is on the other end of the pipe.

Error: (04/13/2022 10:24:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5220, ProfSvc PID: 1916.

Error: (04/13/2022 10:24:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5220, ProfSvc PID: 1916.

Error: (04/13/2022 10:23:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/13/2022 10:23:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/04/2022 01:35:50 PM) (Source: nssm) (EventID: 1045) (User: )
Description: Error attaching to console for service ExpressVPNService.
AttachConsole() failed:
No process is on the other end of the pipe.

Error: (04/03/2022 11:57:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 100.0.1185.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3c48

Start Time: 01d8478c8a2cbf21

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\identity_helper.exe

Report Id: 90f60d9f-bc13-443f-9702-b40b28909332

Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.55_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (03/28/2022 07:17:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 99.0.1150.55 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: acc

Start Time: 01d842ae70d65ca3

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.55\identity_helper.exe

Report Id: ca5ef74c-bcbe-4605-a86f-3ced3f957b57

Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.52_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce


System errors:
=============
Error: (04/21/2022 04:28:11 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{30B021AF-034E-4D02-9E1E-98FB35892CCF} because another computer on the network has the same name.  The server could not start.

Error: (04/21/2022 04:24:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name.  The server could not start.

Error: (04/20/2022 10:21:45 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{30B021AF-034E-4D02-9E1E-98FB35892CCF} because another computer on the network has the same name.  The server could not start.

Error: (04/20/2022 09:51:53 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 The SSPI client process is svchost[WpnService] (PID: 3220).

Error: (04/20/2022 09:51:53 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 The SSPI client process is svchost[WpnService] (PID: 3220).

Error: (04/20/2022 09:51:42 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name.  The server could not start.

Error: (04/20/2022 09:51:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name.  The server could not start.

Error: (04/20/2022 09:50:20 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{34AD31DA-071F-44E8-8F42-FDF80C6FCC9A} because another computer on the network has the same name.  The server could not start.


Windows Defender:
================
Date: 2022-04-20 21:20:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-17 18:24:16
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-17 09:23:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-13 17:36:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-12 17:28:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2022-04-20 20:04:13
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.363.552.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19100.5
Error code: 0x80072efd
Error description: A connection with the server could not be established 

Date: 2022-04-20 20:04:13
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.363.552.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19100.5
Error code: 0x80072efd
Error description: A connection with the server could not be established 

Date: 2022-04-20 20:04:13
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.363.552.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19100.5
Error code: 0x80072efd
Error description: A connection with the server could not be established 

Date: 2022-04-20 20:04:09
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.363.552.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19100.5
Error code: 0x80072efd
Error description: A connection with the server could not be established 

Date: 2022-04-20 20:04:09
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.363.552.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19100.5
Error code: 0x80072efd
Error description: A connection with the server could not be established 

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1302 09/02/2019
Motherboard: ASUSTeK COMPUTER INC. ROG MAXIMUS XI HERO
Processor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Percentage of memory in use: 11%
Total physical RAM: 65451.65 MB
Available physical RAM: 58138.86 MB
Total Virtual: 75179.65 MB
Available Virtual: 65331.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.81 GB) (Free:780.71 GB) NTFS
Drive d: (CCCOMA_X64FRE_EN-US_DV9) (CDROM) (Total:5.18 GB) (Free:0 GB) UDF

\\?\Volume{bbfc377e-7e89-4eed-9183-546cbabe9d90}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{dbfc58c1-496f-4021-9b1a-9ae6a6584390}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


  • Root Admin

Hello @eggyburps

Please attach logs, do not copy-paste logs unless asked.


Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/


Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address, or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK: TCP and UDP ports 135 ~ 139, 445, 1234, 3389 and 5555
  • Document passwords created and store them in a safe but accessible location.


Then run the following scan and attach the log when ready


Microsoft Safety Scanner

Please make sure you exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all are fully exited, and that messenger programs are exited and closed as well.

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the-tool instructions are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long, long break; walk away. Do not give credence to any intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours, as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you
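Before the router reset and the MSERT scan above, it helps to know which entries in the posted FRST Addition.txt actually bear on the "was my Wi-Fi tampered with" question rather than being routine noise. The script below is an added example for this thread, not code from FRST, Malwarebytes, or the poster: it parses the "Event log errors" and "Windows Defender" sections in the layout FRST used above (an `Error: (...) (Source: ...) (EventID: ...)` or `Date: ...` header, description lines, a blank line closing the entry), and attaches a defender's reading to the four event kinds that appear in the log. The sample input is constructed by copying entries from the log above, with some Defender fields omitted; the readings are this example's interpretation, not FRST output.

```python
"""Triage of the 'Event log errors' and 'Windows Defender' sections of an FRST
Addition.txt. Added example for this thread, not code from FRST or Malwarebytes."""
import re
from datetime import datetime

# Constructed sample input: entries copied from the Addition.txt posted above,
# with some Defender fields omitted for brevity.
SAMPLE_LOG = r"""
System errors:
=============
Error: (04/21/2022 04:28:11 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{30B021AF-034E-4D02-9E1E-98FB35892CCF} because another computer on the network has the same name.  The server could not start.

Error: (04/20/2022 09:51:53 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 The SSPI client process is svchost[WpnService] (PID: 3220).

Windows Defender:
================
Date: 2022-04-20 21:20:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-20 20:04:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Previous security intelligence Version: 1.363.552.0
Error code: 0x80072efd
Error description: A connection with the server could not be established
"""

# Entry headers as FRST prints them (assumption: layout matches the log above).
ERROR_HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) \(EventID: (?P<id>\d+)\)")
DEFENDER_HEADER = re.compile(r"^Date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")


def parse_entries(text):
    """Split the text into entries; each runs from its header to the next blank line."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ERROR_HEADER.match(line)
        if m:
            current = {"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["src"], "event_id": int(m["id"]), "body": []}
            entries.append(current)
            continue
        m = DEFENDER_HEADER.match(line)
        if m:
            current = {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                       "source": "Windows Defender", "event_id": None, "body": []}
            entries.append(current)
            continue
        if current is None:
            continue                      # section banners before any header
        if not line:
            current = None                # blank line closes the entry
        else:
            current["body"].append(line)
    for e in entries:
        e["body"] = " ".join(e["body"])
    return entries


def classify(entry):
    """Return (tag, reading) for the event kinds that matter here, else None."""
    src, eid, body = entry["source"], entry["event_id"], entry["body"]
    if src == "Schannel" and eid == 4114:
        client = re.search(r"SSPI client process is (\S+)", body)
        return ("untrusted-tls-ca",
                f"{client.group(1) if client else 'a Windows service'} got a server certificate "
                "from an untrusted CA; a captive portal, filtering proxy or on-path device can "
                "cause this. Retest on a known-good network after the router reset.")
    if src == "Server" and eid == 2505:
        return ("netbios-name-conflict",
                "Another host on the LAN is using this computer's name; after the reset, "
                "inventory the connected devices and confirm each one is yours.")
    if src == "Windows Defender" and "error trying to update security intelligence" in body:
        code = re.search(r"Error code: (0x[0-9a-fA-F]+)", body)
        return ("defender-update-failed",
                f"Signature update failed ({code.group(1) if code else 'unknown code'}); "
                "Defender ran on stale signatures. Force an update once connectivity is back.")
    if src == "Windows Defender" and "stopped before completion" in body:
        return ("defender-scan-incomplete",
                "No scan ran to completion; the full scan must be allowed to finish.")
    return None


def triage(text):
    """Findings in chronological order: {'ts', 'tag', 'reading'} per relevant entry."""
    findings = [{"ts": e["ts"], "tag": c[0], "reading": c[1]}
                for e in parse_entries(text) if (c := classify(e))]
    return sorted(findings, key=lambda f: f["ts"])


def same_day_clusters(findings):
    """Tags per calendar day: a TLS-trust failure and a Defender update failure on the
    same day point at one network-level cause rather than two unrelated faults."""
    by_day = {}
    for f in findings:
        by_day.setdefault(f["ts"].date().isoformat(), set()).add(f["tag"])
    return by_day


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["tag"], "-", f["reading"])
    print(same_day_clusters(results))
```

Run against the real Addition.txt (`triage(open("Addition.txt", encoding="utf-8").read())`), the same-day grouping is the part worth reading first: the log above shows the Defender update failure and the Schannel 4114 event within two hours of each other on 2022-04-20, which is a reason to re-check TLS trust and signature updates from a freshly reset router before concluding anything about the host itself.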



  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

