I've tried for a week but nothing has helped. It has been injecting in the boot process even with a fresh windows USB. Permissions have all been changed and certificates are all signed. Multiple remote viewer connections have been happening and CPU usage has been high. Any windows device connected to my router have been infected as well.
I tried a fix with Farbar and this is my scan after the fix. I'm not super techy so I am not sure exactly what all i'm looking at. Anybody with more knowledge than me want to check out this scan file and see if anything looks out of place and get me a proper fix?
Any help would be greatly appreciated!!
-----------------------------------
FRST-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by gr (administrator) on DESKTOP-DE0UM20 (ASUS System Product Name) (30-06-2024 18:35:11)
Running from C:\Users\gr\Desktop\FRST64.exe
Loaded Profiles: gr
Platform: Microsoft Windows 11 Home Version 23H2 22631.2861 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe <6>
(Discord Inc. -> Discord Inc.) C:\Users\gr\AppData\Local\Discord\app-1.0.9152\Discord.exe <6>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\gr\AppData\Local\Microsoft\OneDrive\24.116.0609.0005\Microsoft.SharePoint.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Windows\System32\AsusUpdateCheck.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5ebba24696ee1d8\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\Run: [MicrosoftEdgeAutoLaunch_CDFDD2A6CF0551C4DC9CCCBA75A14F96] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883576 2024-06-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\Run: [Discord] => C:\Users\gr\AppData\Local\Discord\Update.exe [1526552 2024-06-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\gr\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [69866528 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\gr\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\RunOnce: [Uninstall 22.012.0117.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gr\AppData\Local\Microsoft\OneDrive\22.012.0117.0003" [0 2024-06-30] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-30] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker -> No File <==== ATTENTION
Task: {63F9E9D4-4B87-4852-B657-27C4DBEE6322} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{FA83A859-144B-469A-A93A-318052936C98} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {F1A36DC9-F9BF-47B6-8451-C2089E869AA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82C9FAFA-5D75-4E98-B68C-8983464B6292} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3FF30BCC-0642-46C6-BCB9-83220CC332D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BCA7DE4B-20D1-45E2-BF34-3FD9E7926214} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D72AF7A-CD7F-44F5-9E70-78A815DC51D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e7ec28e2-037e-446a-b6ba-0a6a1709851e}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\gr\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-30]
Edge Extension: (Google Docs Offline) - C:\Users\gr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-30]
Edge Extension: (Edge relevant text changes) - C:\Users\gr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-06-30]
Chrome:
=======
CHR Profile: C:\Users\gr\AppData\Local\Google\Chrome\User Data\Default [2024-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\gr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-06-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1217488 2024-06-30] (ASUSTeK COMPUTER INC. -> )
S2 Intel® Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel® Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5ebba24696ee1d8\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5ebba24696ee1d8\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MpKsla736691a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91B1CDC9-855C-4F77-A4F7-2E483AD30D9F}\MpKslDrv.sys [271648 2024-06-30] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-06-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-06-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-30 18:35 - 2024-06-30 18:35 - 000010410 _____ C:\Users\gr\Desktop\FRST.txt
2024-06-30 18:29 - 2024-06-30 18:29 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1320388668-3399326884-3787053663-1001
2024-06-30 18:19 - 2024-06-30 18:29 - 000132532 _____ C:\Users\gr\Desktop\Fixlog.txt
2024-06-30 18:19 - 2024-06-30 18:19 - 000028672 _____ C:\exportBCDfile
2024-06-30 18:18 - 2024-06-30 18:35 - 000000000 ____D C:\FRST
2024-06-30 18:18 - 2024-06-30 18:18 - 002395648 _____ (Farbar) C:\Users\gr\Desktop\FRST64.exe
2024-06-30 18:17 - 2024-06-30 18:17 - 002093056 _____ (Farbar) C:\Users\gr\Desktop\FRST.exe
2024-06-30 18:12 - 2024-06-30 18:12 - 008791352 _____ (Malwarebytes) C:\Users\gr\Downloads\AdwCleaner.exe
2024-06-30 17:50 - 2024-06-30 17:50 - 000000000 ____D C:\Users\gr\AppData\Local\VirtualStore
2024-06-30 17:43 - 2024-06-30 17:43 - 000000000 ____D C:\Users\gr\AppData\Local\OneDrive
2024-06-30 17:40 - 2024-06-30 17:41 - 000000098 _____ C:\Users\gr\Desktop\READ.txt
2024-06-30 17:32 - 2024-06-30 18:30 - 000000000 ____D C:\Users\gr\AppData\Roaming\discord
2024-06-30 17:32 - 2024-06-30 18:29 - 000000000 ____D C:\Users\gr\AppData\Local\Discord
2024-06-30 17:32 - 2024-06-30 17:32 - 114111256 _____ (Discord Inc.) C:\Users\gr\Downloads\DiscordSetup.exe
2024-06-30 17:32 - 2024-06-30 17:32 - 000002232 _____ C:\Users\gr\Desktop\Discord.lnk
2024-06-30 17:32 - 2024-06-30 17:32 - 000000000 ____D C:\Users\gr\AppData\Roaming\NVIDIA
2024-06-30 17:32 - 2024-06-30 17:32 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-06-30 17:32 - 2024-06-30 17:32 - 000000000 ____D C:\Users\gr\AppData\Local\SquirrelTemp
2024-06-30 17:27 - 2024-06-30 17:27 - 008420232 _____ (Google LLC) C:\Users\gr\Downloads\ChromeSetup.exe
2024-06-30 17:27 - 2024-06-30 17:27 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-30 17:27 - 2024-06-30 17:27 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-30 17:27 - 2024-06-30 17:27 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2024-06-30 17:27 - 2024-06-30 17:27 - 000000000 ____D C:\Users\gr\AppData\Local\Google
2024-06-30 17:27 - 2024-06-30 17:27 - 000000000 ____D C:\Users\gr\AppData\Local\Comms
2024-06-30 17:27 - 2024-06-30 17:27 - 000000000 ____D C:\Program Files\Google
2024-06-30 17:27 - 2024-06-30 17:27 - 000000000 ____D C:\Program Files (x86)\Google
2024-06-30 17:25 - 2024-06-30 18:28 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-30 17:25 - 2024-06-30 17:32 - 000000000 ____D C:\Users\gr\AppData\Local\NVIDIA
2024-06-30 17:25 - 2024-06-30 17:25 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-06-30 17:25 - 2024-06-30 17:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-06-30 17:24 - 2024-06-30 17:24 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2024-06-30 17:24 - 2021-09-22 07:11 - 001858672 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-06-30 17:24 - 2021-09-22 07:11 - 001858672 _____ C:\Windows\system32\vulkaninfo.exe
2024-06-30 17:24 - 2021-09-22 07:11 - 001438840 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-06-30 17:24 - 2021-09-22 07:11 - 001438840 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-06-30 17:24 - 2021-09-22 07:11 - 001097848 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-06-30 17:24 - 2021-09-22 07:11 - 001097848 _____ C:\Windows\system32\vulkan-1.dll
2024-06-30 17:24 - 2021-09-22 07:11 - 000951928 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-06-30 17:24 - 2021-09-22 07:11 - 000951928 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-06-30 17:24 - 2021-09-22 07:10 - 001474688 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-06-30 17:24 - 2021-09-22 07:10 - 001212544 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 001520784 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 001171088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000716944 _____ C:\Windows\system32\nvofapi64.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000706184 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-06-30 17:24 - 2021-09-22 07:07 - 000676496 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000645256 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000577168 _____ C:\Windows\SysWOW64\nvofapi.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000564344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2024-06-30 17:24 - 2021-09-22 07:07 - 000145064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2024-06-30 17:24 - 2021-09-22 07:07 - 000046264 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 008854136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 007920776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 004987512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 002925680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 002112144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 001595520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 000919168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 000750224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-06-30 17:24 - 2021-09-22 07:06 - 000447120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-06-30 17:24 - 2021-09-22 07:05 - 005681272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-06-30 17:24 - 2021-09-22 07:05 - 000849024 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-06-30 17:24 - 2021-09-22 07:04 - 007280824 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-06-30 17:24 - 2021-09-22 07:04 - 006216312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-06-30 17:24 - 2021-09-22 06:36 - 000083133 _____ C:\Windows\system32\nvinfo.pb
2024-06-30 17:23 - 2023-08-14 12:13 - 005334952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw12.sys
2024-06-30 17:23 - 2023-08-14 12:13 - 001475496 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter12.dll
2024-06-30 17:18 - 2024-06-30 18:29 - 000378376 _____ C:\Windows\system32\syncas.dll
2024-06-30 17:18 - 2024-06-30 18:29 - 000000000 ____D C:\Program Files (x86)\ASUS
2024-06-30 17:18 - 2024-06-30 18:28 - 001189784 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\AsusDownloadAgent.exe
2024-06-30 17:17 - 2024-06-30 18:28 - 000338040 _____ () C:\Windows\system32\AsusDownLoadLicense.exe
2024-06-30 17:12 - 2024-06-30 17:12 - 000000000 ____D C:\Users\gr\AppData\Local\Publishers
2024-06-30 04:15 - 2024-06-30 03:16 - 000000000 ____D C:\Windows\Panther
2024-06-30 03:23 - 2024-06-30 18:32 - 000803640 _____ C:\Windows\system32\PerfStringBackup.INI
2024-06-30 03:23 - 2024-06-30 17:32 - 000000000 ____D C:\Users\gr\AppData\Local\D3DSCache
2024-06-30 03:21 - 2024-06-30 18:34 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\MMC
2024-06-30 03:21 - 2024-06-30 18:29 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1320388668-3399326884-3787053663-1001
2024-06-30 03:21 - 2024-06-30 18:29 - 000002374 _____ C:\Users\gr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-30 03:21 - 2024-06-30 03:21 - 000000000 ___RD C:\Users\gr\OneDrive
2024-06-30 03:21 - 2024-06-30 03:21 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\Vault
2024-06-30 03:21 - 2024-06-30 03:21 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-06-30 03:20 - 2024-06-30 18:26 - 000000000 ____D C:\Users\gr\AppData\Local\Packages
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ___SD C:\Users\gr\AppData\Roaming\Microsoft\SystemCertificates
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ___SD C:\Users\gr\AppData\Roaming\Microsoft\Protect
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ___SD C:\Users\gr\AppData\Roaming\Microsoft\Crypto
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ___SD C:\Users\gr\AppData\Roaming\Microsoft\Credentials
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\Network
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ____D C:\Users\gr\AppData\Roaming\Adobe
2024-06-30 03:20 - 2024-06-30 03:20 - 000000000 ____D C:\Users\gr\AppData\Local\ConnectedDevicesPlatform
2024-06-30 03:19 - 2024-06-30 17:19 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\Spelling
2024-06-30 03:19 - 2024-06-30 03:21 - 000000000 ____D C:\Users\gr
2024-06-30 03:19 - 2024-06-30 03:20 - 000000000 ____D C:\Users\gr\AppData\Roaming\Microsoft\Windows
2024-06-30 03:19 - 2024-06-30 03:19 - 000000020 ___SH C:\Users\gr\ntuser.ini
2024-06-30 03:17 - 2024-06-30 18:28 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-06-30 03:17 - 2024-06-30 18:17 - 000000000 ____D C:\ProgramData\Packages
2024-06-30 03:17 - 2024-06-30 03:17 - 000000000 _SHDL C:\Documents and Settings
2024-06-30 03:16 - 2024-06-30 03:17 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-30 03:16 - 2024-06-30 03:17 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-30 03:16 - 2024-06-30 03:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-30 03:16 - 2024-06-30 03:17 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-30 03:16 - 2024-06-30 03:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-06-30 03:16 - 2024-06-30 03:16 - 000000000 ____D C:\ProgramData\ASUS
2024-06-30 03:15 - 2024-06-30 18:28 - 001269120 _____ () C:\Windows\system32\wpbbin.exe
2024-06-30 03:15 - 2024-06-30 18:28 - 001217488 _____ C:\Windows\system32\AsusUpdateCheck.exe
2024-06-30 03:15 - 2024-06-30 18:28 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-30 03:15 - 2024-06-30 18:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-06-30 03:15 - 2024-06-30 18:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-06-30 03:15 - 2024-06-30 17:26 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-06-30 03:15 - 2024-06-30 03:15 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-06-30 03:15 - 2024-06-30 03:15 - 000000000 ____D C:\Windows\system32\config\BFS
2024-06-30 03:15 - 2024-06-30 03:15 - 000000000 ____D C:\Windows\ServiceProfiles
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-30 18:32 - 2022-05-06 22:22 - 000000000 ____D C:\Windows\INF
2024-06-30 18:31 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemTemp
2024-06-30 18:30 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-30 18:28 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-06-30 18:28 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\AppReadiness
2024-06-30 18:28 - 2022-05-06 22:17 - 000262144 _____ C:\Windows\system32\config\BBI
2024-06-30 18:25 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\CbsTemp
2024-06-30 18:17 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-30 17:36 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-30 17:33 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\servicing
2024-06-30 17:27 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
2024-06-30 17:26 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-06-30 17:25 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\appcompat
2024-06-30 17:23 - 2022-05-06 22:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-06-30 17:12 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-06-30 04:15 - 2022-05-06 22:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-06-30 03:21 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-06-30 03:20 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-06-30 03:18 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\spool
2024-06-30 03:17 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-06-30 03:17 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ServiceState
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
ADDITION--
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by gr (30-06-2024 18:35:30)
Running from C:\Users\gr\Desktop
Microsoft Windows 11 Home Version 23H2 22631.2861 (X64) (2024-06-30 10:17:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1320388668-3399326884-3787053663-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1320388668-3399326884-3787053663-503 - Limited - Disabled)
gr (S-1-5-21-1320388668-3399326884-3787053663-1001 - Administrator - Enabled) => C:\Users\gr
Guest (S-1-5-21-1320388668-3399326884-3787053663-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1320388668-3399326884-3787053663-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Discord (HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\Discord) (Version: 1.0.9152 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
NVIDIA Graphics Driver 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
Packages:
=========
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-06-30] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corporation) [Startup Task]
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5ebba24696ee1d8\nvshext.dll [2021-09-22] (Nvidia Corporation -> NVIDIA Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-06 22:24 - 2024-06-30 18:27 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1320388668-3399326884-3787053663-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
30-06-2024 17:21:57 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (06/30/2024 06:29:05 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AsusDownloadAgent.exe, version: 2.1.0.0, time stamp: 0x60925fad
Faulting module name: AsusDownloadAgent.exe, version: 2.1.0.0, time stamp: 0x60925fad
Exception code: 0xc0000409
Fault offset: 0x0000000000011cf8
Faulting process id: 0x0x1958
Faulting application start time: 0x0x1dacb560f303b86
Faulting application path: C:\Windows\system32\AsusDownloadAgent.exe
Faulting module path: C:\Windows\system32\AsusDownloadAgent.exe
Report Id: ab990538-6a1f-44fa-86dc-14de21f152bb
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (06/30/2024 06:28:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\IntelIHVRouter12.dll
Error: (06/30/2024 06:28:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\IntelIHVRouter12.dll
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3205 03/18/2024
Motherboard: ASUSTeK COMPUTER INC. PRIME B660M-A WIFI D4
Processor: 12th Gen Intel® Core™ i7-12700F
Percentage of memory in use: 15%
Total physical RAM: 32581.27 MB
Available physical RAM: 27655.19 MB
Total Virtual: 37701.27 MB
Available Virtual: 30761.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.65 GB) (Free:861.83 GB) (Model: WD Blue SN570 1TB) NTFS
\\?\Volume{e581e547-14cd-4ce9-8dcb-4347305eae92}\ () (Fixed) (Total:0.75 GB) (Free:0.08 GB) NTFS
\\?\Volume{d4f83712-d675-42e9-b82d-b208b59af60f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Back to top
