Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-06-2020 Ran by Computer (05-06-2020 22:54:19) Running from C:\Users\Computer\Downloads Windows 10 Home Version 1909 18363.836 (X64) (2020-02-17 20:40:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1258654874-2085747945-3346975225-500 - Administrator - Disabled) Computer (S-1-5-21-1258654874-2085747945-3346975225-1001 - Administrator - Enabled) => C:\Users\Computer DefaultAccount (S-1-5-21-1258654874-2085747945-3346975225-503 - Limited - Disabled) Guest (S-1-5-21-1258654874-2085747945-3346975225-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-1258654874-2085747945-3346975225-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4} FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DMark (HKLM\...\{139D7147-6175-4398-88D3-E8C3A4A13DFF}) (Version: 2.3.3732.0 - Futuremark) Hidden 3DMark (HKLM-x32\...\{3c2496ac-4fcf-49c9-aac4-7fc4b9cdbb71}) (Version: 2.3.3732.0 - Futuremark) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated) Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.) ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 2.7.10 - ASUS) ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.1.0 - ASUSTek COMPUTER INC.) Hidden ASUS AIOFan HAL (HKLM-x32\...\{5f0b03c9-f6af-402b-bdcc-0a4ee1a61106}) (Version: 1.1.1.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.25 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA Display Component (HKLM-x32\...\{94267bd0-fa8a-4aa4-925d-ec3e0d130fba}) (Version: 1.1.25 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM-x32\...\{e46f527f-1e64-4554-abc1-115f3429c25c}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.60 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM-x32\...\{c419fb2d-9e54-470e-a884-55e37cdb88df}) (Version: 1.0.60 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Odd Component (HKLM-x32\...\{277875e0-972c-4705-b09c-ca5acf5b2f7c}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.51 - ASUSTek COMPUTER INC.) Hidden ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.3 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA VGA Component (HKLM-x32\...\{2977b6c2-6523-42f4-8f52-bf4f7fc7a840}) (Version: 0.0.2.3 - ASUSTek COMPUTER INC. ) Hidden ASUS Framework Service (HKLM-x32\...\{CB0E3BB6-3F2F-401E-B1D4-E23C582ACB11}) (Version: 1.0.4.1 - ASUSTek COMPUTER INC.) Hidden ASUS Framework Service (HKLM-x32\...\{da2da1f0-ff8a-4f1a-9e1b-c1f022f18275}) (Version: 1.0.4.1 - ASUSTek COMPUTER INC.) ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.31 - ASUSTeK Computer Inc.) Hidden ASUS MB Peripheral Products (HKLM-x32\...\{41fd1901-1c71-453a-b440-dbe756a2cdc6}) (Version: 1.0.31 - ASUSTeK Computer Inc.) Hidden ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.17 - ASUSTeK Computer Inc.) Hidden AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.37 - ASUS) Hidden AURA DRAM Component (HKLM-x32\...\{60d8d6b5-0ec5-420a-a407-a42e19346d46}) (Version: 1.0.37 - ASUS) Hidden AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.02 - ASUSTeK Computer Inc.) Hidden AURA Service (HKLM-x32\...\{68b1ee1c-1c6b-4400-a763-10786af9abd0}) (Version: 3.04.02 - ASUSTeK Computer Inc.) Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.3.2405 - Avast Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 81.1.4223.139 - AVAST Software) Avast SecureLine VPN (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.5.522 - AVAST Software) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.4.1.10871 - Avira Operations GmbH & Co. KG) Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.13 - CORSAIR COMPONENTS INC.) Hidden Corsair AURA DRAM Component (HKLM-x32\...\{8fce5ea9-d56f-4f89-a363-830eceb72c72}) (Version: 1.0.13 - CORSAIR COMPONENTS INC.) Hidden Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation) ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.0.0 - ENE TECHNOLOGY INC.) Hidden ENE RGB HAL (HKLM\...\{BBEB79B8-472B-44E6-B0BA-157909EFE7D6}) (Version: 1.00.12 - Ene Tech.) Hidden ENE RGB HAL (HKLM-x32\...\{e0fa04a3-0593-40a3-8eea-c45cf5d09062}) (Version: 1.00.12 - Ene Tech.) Hidden ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation) Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation) EPSON XP-440 Series Printer Uninstall (HKLM\...\EPSON XP-440 Series) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Futuremark SystemInfo (HKLM-x32\...\{6583B359-134F-480D-9B31-9B94EFFAFE40}) (Version: 5.0.609.0 - Futuremark) GALAX GAMER RGB (HKLM\...\{06A16AA8-BBA7-4362-962E-16651962D87C}) (Version: 1.00.02 - Galaxy Microsystems Ltd.) Hidden GALAX GAMER RGB (HKLM-x32\...\{1257fdeb-ffa3-4e17-9d4b-189075ea3656}) (Version: 1.00.02 - Galaxy Microsystems Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.20 - KINGSTON COMPONENTS INC.) Hidden Kingston AURA DRAM Component (HKLM-x32\...\{c0c65c06-e79e-44b5-bd66-85099364afeb}) (Version: 1.0.20 - KINGSTON COMPONENTS INC.) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.45 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - ) Microsoft OneDrive (HKU\S-1-5-21-1258654874-2085747945-3346975225-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Mozilla Firefox 77.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-US)) (Version: 77.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla) Nitro Pro (HKLM\...\{C96C14B3-5E41-49E5-AAB5-22832C08CAED}) (Version: 13.15.1.282 - Nitro) Hidden Nitro Pro (HKLM-x32\...\{b6447f4a-7f1e-4f4c-b770-5b1e3dafd6f3}) (Version: 13.15.1.282 - Nitro) NVIDIA Graphics Driver 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.05 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{6fe9d429-3c13-4e27-91a4-4c7b8c3ac7a7}) (Version: 1.00.05 - Patriot Memory) Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.08 - Patriot Memory) Hidden Patriot Viper RGB (HKLM-x32\...\{4b7bfeff-ac47-46c1-aea6-4556f5f0e6bb}) (Version: 1.00.08 - Patriot Memory) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8666 - Realtek Semiconductor Corp.) ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.0.28.0 - ASUSTek COMPUTER INC.) Spotify (HKU\S-1-5-21-1258654874-2085747945-3346975225-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Packages: ========= ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_2.7.8.0_x64__qmba6cd70vzyy [2020-06-04] (ASUSTeK COMPUTER INC.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-26] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-26] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-23] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2020-02-17] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.174.0_x64__dt26b99r8h8gj [2020-02-17] (Realtek Semiconductor Corp) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-18] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-18] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [Nitro.Pro.ShellExtension.Shim] -> {211B6F25-950C-49CD-AB86-A448EF85686A} => C:\Program Files\Common Files\Nitro\Nitro.Pro.ShellExtension.Shim.dll [2020-03-13] (Nitro Software, Inc. -> Nitro Software, Inc.) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-18] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvshext.dll [2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-18] (Avast Software s.r.o. -> AVAST Software) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Computer\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2019-12-31 09:29 - 2019-12-31 09:29 - 000147456 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi\build\Release\ffi_bindings.node 2019-12-31 09:29 - 2019-12-31 09:29 - 000138752 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref\build\Release\binding.node 2020-02-17 13:49 - 2019-12-23 17:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll 2020-02-17 13:49 - 2019-06-26 15:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll 2019-12-31 09:29 - 2019-12-31 09:29 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll 2019-11-05 13:33 - 2019-11-05 13:33 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll 2019-10-22 01:16 - 2019-10-22 01:16 - 000264704 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll 2019-11-06 13:09 - 2019-11-06 13:09 - 000190976 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_DRAM_RGB_AURA42\x86\AacHal_x86.dll 2018-09-20 08:39 - 2018-09-20 08:39 - 000156672 _____ () [File not signed] C:\Program Files\Galaxy\Aac_GALAX GAMER RGB\AacHal_x86.dll 2020-01-17 14:18 - 2020-01-17 14:18 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll 2020-02-17 13:49 - 2019-10-24 10:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll 2018-09-20 08:08 - 2018-09-20 08:08 - 000053760 _____ (MS) [File not signed] C:\Program Files\Galaxy\Aac_GALAX GAMER RGB\MsIo32_Galax.dll 2020-02-17 13:49 - 2019-06-26 15:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll 2020-02-17 13:49 - 2019-06-26 15:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll 2020-05-18 19:26 - 2018-09-07 09:07 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine VPN\libcrypto-1_1.dll 2020-02-17 13:49 - 2019-07-31 13:48 - 000072704 _____ (TODO: ) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-18 21:49 - 2019-03-18 21:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1258654874-2085747945-3346975225-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Computer\Pictures\mother-elephant-baby-elephant-calf.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "EEventManager" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A0CBE7E3-567C-4C40-859D-1DE3B94D4851}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS) FirewallRules: [TCP Query User{CAFB8E36-0FAE-48EC-873F-DB03DD5C15C4}C:\users\computer\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\computer\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [UDP Query User{80C3C99A-D28E-4518-BF9A-C2E725F297E9}C:\users\computer\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\computer\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{D65003B5-6A6F-48B4-9094-6A63291A7F00}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8389AABC-A9A3-49C1-82F2-EB489B455065}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DE46A9FD-355C-4CED-8457-EDD7DA10A7D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{A7A8BED9-795A-4E56-8122-11DE142849F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{5B05585C-707C-456C-B9C2-84D45CA64342}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{41D5C73D-1D53-41BC-9A08-F39BE34FE0A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{D4FA0ACF-3DF8-47DC-AD6F-6E87CD9CA04E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{540190AF-F1D4-440F-8480-835BA49B6FCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{F50E4111-42CB-4919-9625-C3CB02958874}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{88908AF3-BEB2-4C2C-84E5-933CDD99A1FC}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{3D8FE9ED-B3BC-4164-9B0A-25AB34470C8A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{770950D5-672F-411D-9C3A-E464F8B750D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{C26613A1-228E-4B92-8819-9BF1A00F2579}C:\users\computer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\computer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{B5CE0B13-432F-4E3A-9E28-00296CC012E3}C:\users\computer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\computer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{615122E6-3354-4E51-80B8-83AB15A5E976}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) FirewallRules: [{D2704DCA-4D1C-40C5-8EEF-6BA953BB0898}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) FirewallRules: [{9E029DD2-6DB8-48F2-8992-A3C67DE4AAF5}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{6C804B0E-921D-4411-887C-D6FE55DBD1C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{57EF972A-C535-4F26-B5B1-6640E7D18937}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 19-05-2020 19:06:42 Restore Point Created by FRST 26-05-2020 21:34:32 Windows Modules Installer 03-06-2020 22:06:44 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (06/05/2020 09:58:19 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 09:48:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 08:58:19 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 06:48:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 05:49:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LightingService.exe, version: 0.0.0.0, time stamp: 0x5ea69eef Faulting module name: LightingService.exe, version: 0.0.0.0, time stamp: 0x5ea69eef Exception code: 0xc0000005 Fault offset: 0x000abccc Faulting process id: 0x1cd8 Faulting application start time: 0x01d63b9c5422efd4 Faulting application path: C:\Program Files (x86)\LightingService\LightingService.exe Faulting module path: C:\Program Files (x86)\LightingService\LightingService.exe Report Id: 106eb89e-8660-4535-ae2c-238bf8f882b1 Faulting package full name: Faulting package-relative application ID: Error: (06/05/2020 05:01:53 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 02:48:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (06/05/2020 02:31:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LightingService.exe, version: 0.0.0.0, time stamp: 0x5ea69eef Faulting module name: LightingService.exe, version: 0.0.0.0, time stamp: 0x5ea69eef Exception code: 0xc0000005 Fault offset: 0x000abccc Faulting process id: 0x1e8c Faulting application start time: 0x01d63b809d86b6df Faulting application path: C:\Program Files (x86)\LightingService\LightingService.exe Faulting module path: C:\Program Files (x86)\LightingService\LightingService.exe Report Id: 7caaaabf-25c5-4102-bad7-0097b801dc0d Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (06/05/2020 08:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinDefend service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (06/05/2020 05:50:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/05/2020 05:50:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (06/05/2020 05:49:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LightingService service terminated unexpectedly. It has done this 1 time(s). Error: (06/05/2020 05:49:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinDefend service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (06/05/2020 02:31:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LightingService service terminated unexpectedly. It has done this 1 time(s). Error: (06/05/2020 02:31:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinDefend service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (06/05/2020 07:50:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinDefend service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Windows Defender: =================================== Date: 2020-02-19 10:50:50.018 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {75079BD8-8B9D-43C9-ABB2-028B466DFC0D} Scan Type: Antimalware Scan Parameters: Quick Scan CodeIntegrity: =================================== Date: 2020-06-05 22:52:04.118 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:52:02.570 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:52:02.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:51:45.423 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:51:45.422 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:49:36.523 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:49:36.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-06-05 22:49:28.614 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 1405 11/19/2019 Motherboard: ASUSTeK COMPUTER INC. PRIME X570-P Processor: AMD Ryzen 7 3700X 8-Core Processor Percentage of memory in use: 32% Total physical RAM: 32686.45 MB Available physical RAM: 21997.52 MB Total Virtual: 37550.45 MB Available Virtual: 23325.91 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.88 GB) (Free:735.72 GB) NTFS \\?\Volume{d2b1cc94-01b9-4a09-9969-a9c9280df095}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{c48991e0-7653-4156-8cc4-abed1b773350}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================