Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2022 Ran by eugeneandteresa (administrator) on DESKTOP-5NS045K (HP HP Notebook) (24-05-2022 21:37:21) Running from C:\Users\eugeneandteresa\Desktop Loaded Profiles: eugeneandteresa Platform: Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe (explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <4> (explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe (services.exe ->) (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKU\S-1-5-21-3528544182-332038941-3401246441-1002\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\WINDOWS\system32\hpinkstsD711LM.dll [383496 2014-12-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4520 series): C:\WINDOWS\system32\HPDiscoPMD711.dll [807432 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-10] (Microsoft Windows Hardware Compatibility Publisher -> HP) HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\101.0.4951.67\Installer\chrmstp.exe [2022-05-13] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2022-04-12] ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0911D881-C51A-47BA-8805-5E6634255CB9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1609AA4F-95D0-4A92-8785-76F4D5706494} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4688664 2022-04-07] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 09995f44-1518-419e-8ed1-9b24feee8f9e Task: {1AA4210D-4ECE-480E-8EEC-38BE7C5C6657} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.) Task: {2D86FEE5-B053-4A0C-926E-EEB3C45EAFD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-06-19] (HP Inc. -> HP Inc.) Task: {31E13182-75D5-49D7-A94D-1518FB53AD71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [447800 2015-07-11] (Hewlett-Packard Company -> Hewlett-Packard Company) Task: {40966AE0-8167-43CB-B30D-A00269CFEF2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {549D4A34-291D-4771-B7FB-0C76BF38184F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1133912 2020-06-19] (HP Inc. -> HP Inc.) Task: {6DE8C96B-426C-4575-9718-A63E94E890DE} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe /nogui (No File) Task: {71AF3764-164A-441B-8061-4CBB2F76BB3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.) Task: {7D3ED69E-0B16-46FF-BF07-17F4E2EE605C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [447800 2015-07-11] (Hewlett-Packard Company -> Hewlett-Packard Company) Task: {842FB748-1833-4718-BBEC-922D541F4539} - System32\Tasks\WpsExternal_eugeneandteresa_20220510085141 => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wpscloudsvr.exe [1061120 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {84E027B0-AC16-40BE-AA39-4511768796A3} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1227032 2022-04-07] (Avast Software s.r.o. -> AVAST Software) Task: {98BC104C-14D4-4E8C-9749-029F3EA65FEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.) Task: {BD0052F8-EFE4-4BFF-A43E-0774DA23B862} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {CBAE028D-9108-4376-B902-0AC0DE2C33B1} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe -from=task (No File) Task: {CCE25C2A-20BE-4BA9-92B4-6A2D779B1251} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CDD42170-5868-47DE-BF09-6A3D959A4787} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [511344 2015-06-19] (Dropbox, Inc -> ) Task: {D0CA2AC0-EF8D-459C-BC79-3B77AE6B7486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-27] (Google Inc -> Google Inc.) Task: {D3C94C33-C2A9-426D-A61D-1A2827D396FB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D63D5647-8D63-41E6-993C-7C07645BB044} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-27] (Google Inc -> Google Inc.) Task: {DBF78A08-3AB1-40DA-8B73-9756E2118970} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6634776 2022-03-29] (Avast Software s.r.o. -> Avast Software) Task: {DF7BB16F-6D1D-408E-8896-2A426BE8C967} - System32\Tasks\WpsNotifyTask_eugeneandteresa => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe -from=task (No File) Task: {EBB658C4-A27A-4406-A1F7-C47330A267A1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.) Task: {EED38363-19A0-4F12-A7FF-9D62E991277D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.) Task: {F1F9BBF6-6686-438D-8BD7-7BFE64A789BD} - System32\Tasks\WpsUpdateTask_eugeneandteresa => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wpsupdate.exe [170752 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {F29C7F9F-D61F-473A-AC08-363A46ADB988} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6593J2K5 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1133912 2020-06-19] (HP Inc. -> HP Inc.) Task: {F67BD79A-D42A-41FE-B3F1-4BF60F78EE51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1133912 2020-06-19] (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_eugeneandteresa.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c4dd7e44-d672-4bd8-b603-a928b0a41bf8}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge HomeButtonPage: HKU\S-1-5-21-3528544182-332038941-3401246441-1002 -> hxxp://www.google.com/ Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\eugeneandteresa\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-24] Edge HomePage: Default -> hxxp://www.google.com/ FireFox: ======== FF DefaultProfile: vheqgxg1.default FF ProfilePath: C:\Users\eugeneandteresa\AppData\Roaming\Mozilla\Firefox\Profiles\vheqgxg1.default [2022-05-23] FF Homepage: Mozilla\Firefox\Profiles\vheqgxg1.default -> www.google.com FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed] FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] (WildTangent Inc -> ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default [2020-03-04] CHR NewTab: Default -> Not-active:"chrome-extension://jadhamcfimejpbemfkgoeijaimpciehj/stubby.html" CHR Extension: (Slides) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16] CHR Extension: (YouTube) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27] CHR Extension: (Adobe Acrobat) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-03] CHR Extension: (Sheets) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15] CHR Extension: (YourTemplateFinder ) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jadhamcfimejpbemfkgoeijaimpciehj [2019-12-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03] CHR Extension: (Gmail) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-08] CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-04] CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-05-22] CHR HomePage: Profile 1 -> hxxp://www.google.com/ CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-27] CHR Extension: (Google Docs Offline) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30] CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-04] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-06] () [File not signed] R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.) R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-06] (Advanced Micro Devices, Inc.) [File not signed] R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent Inc -> WildTangent) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> ) R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9692952 2022-04-07] (Avast Software s.r.o. -> AVAST Software) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [1061120 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59008 2022-01-26] (Avast Software s.r.o. -> Avast Software) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-05-24 21:37 - 2022-05-24 21:41 - 000023808 _____ C:\Users\eugeneandteresa\Desktop\FRST.txt 2022-05-24 21:37 - 2022-05-24 21:37 - 000000000 ____D C:\Users\eugeneandteresa\Desktop\FRST-OlderVersion 2022-05-24 21:35 - 2022-05-24 21:39 - 000000000 ____D C:\FRST 2022-05-24 21:35 - 2022-05-24 21:37 - 002367488 _____ (Farbar) C:\Users\eugeneandteresa\Desktop\FRST64.exe 2022-05-13 13:57 - 2022-05-13 13:57 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-05-13 13:55 - 2022-05-13 13:55 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2022-05-13 13:54 - 2022-05-13 13:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-05-13 09:55 - 2022-05-13 09:55 - 000000000 ___HD C:\$WinREAgent 2022-05-10 08:51 - 2022-05-10 08:51 - 000004124 _____ C:\WINDOWS\system32\Tasks\WpsExternal_eugeneandteresa_20220510085141 2022-05-10 08:51 - 2022-05-10 08:51 - 000003806 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_eugeneandteresa 2022-04-30 08:51 - 2022-05-14 08:49 - 000002416 _____ C:\Users\eugeneandteresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-05-24 21:43 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-05-24 21:36 - 2016-04-27 12:10 - 000000000 ____D C:\Program Files (x86)\Google 2022-05-24 21:29 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF 2022-05-24 21:25 - 2020-08-26 20:45 - 000004186 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{254E50A2-B31B-4F36-95C6-F0991617D5F2} 2022-05-24 21:20 - 2020-08-26 20:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-05-23 20:05 - 2020-07-21 09:34 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-05-23 20:05 - 2020-07-21 09:34 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-05-23 20:05 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-05-23 20:05 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-05-23 20:01 - 2015-12-25 00:33 - 000000000 ____D C:\Users\eugeneandteresa\Documents\YouCam 2022-05-23 19:56 - 2016-07-04 12:26 - 000000000 ____D C:\ProgramData\HP 2022-05-19 11:23 - 2020-08-26 20:45 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update 2022-05-19 11:23 - 2020-08-26 20:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-05-19 11:23 - 2020-08-26 20:00 - 000008192 ___SH C:\DumpStack.log.tmp 2022-05-19 11:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-05-19 11:23 - 2015-09-06 20:12 - 000000000 ____D C:\ProgramData\AVAST Software 2022-05-19 11:22 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-05-19 11:22 - 2017-10-05 13:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2022-05-15 08:55 - 2020-08-26 20:24 - 000934962 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-05-15 00:00 - 2020-08-26 20:01 - 000276080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System 2022-05-14 08:49 - 2021-12-11 10:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3528544182-332038941-3401246441-1002 2022-05-14 08:49 - 2020-08-26 20:45 - 000003398 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3528544182-332038941-3401246441-1002 2022-05-14 00:06 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-05-14 00:01 - 2019-12-27 12:17 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\ElevatedDiagnostics 2022-05-13 23:57 - 2015-12-25 11:40 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-05-13 14:17 - 2015-12-25 11:39 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-05-13 08:19 - 2016-04-27 12:10 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-05-13 08:19 - 2016-04-27 12:10 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-04-29 08:40 - 2020-08-26 20:45 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-04-29 08:40 - 2020-08-26 20:45 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================