Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2022 Ran by eugeneandteresa (28-05-2022 19:04:58) Running from C:\Users\eugeneandteresa\Desktop Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) (2020-08-27 03:47:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3528544182-332038941-3401246441-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3528544182-332038941-3401246441-503 - Limited - Disabled) eugeneandteresa (S-1-5-21-3528544182-332038941-3401246441-1002 - Administrator - Enabled) => C:\Users\eugeneandteresa Guest (S-1-5-21-3528544182-332038941-3401246441-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3528544182-332038941-3401246441-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-4b57b438-6042-4f83-8bc9-af3817521e93) (Version: 3.0.2.118 - WildTangent) Hidden Avast SecureLine VPN (HKLM-x32\...\Avast SecureLine) (Version: 5.17.6057.3944 - Avast Software) Azkend 2: The World Beneath (HKLM-x32\...\WTA-cc2f566d-a904-4380-a1dc-cd9a6606a1bf) (Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (HKLM-x32\...\WTA-cdf45559-b53d-4ba9-a7c7-1afc750b4b4b) (Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM-x32\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Coyote The Outlander (HKLM-x32\...\WTA-ddde5db2-c7e3-440b-9899-da5d8fc886d8) (Version: 3.0.2.59 - WildTangent) Hidden Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-dd8cc9e1-7d1e-454d-aee4-cb561b1e3585) (Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (HKLM-x32\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.) Energy Star (HKLM-x32\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entwined: The Perfect Murder (HKLM-x32\...\WTA-d07fc465-77f9-4d9d-98c9-0de0b5d94f05) (Version: 3.0.2.59 - WildTangent) Hidden Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Family Vacation 2: Road Trip (HKLM-x32\...\WTA-35bf0a58-96d0-4af3-92a6-6335b236c335) (Version: 3.0.2.59 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC) Home Makeover (HKLM-x32\...\WTA-dea03d40-c6c6-4603-b55b-0a756fe079fe) (Version: 3.0.2.59 - WildTangent) Hidden IGT Slots: Paradise Garden (HKLM-x32\...\WTA-2b7f906f-291c-45cd-9140-b1e051d0340d) (Version: 3.0.2.59 - WildTangent) Hidden Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-a42ad1db-b95e-488b-8d74-e20b7d8d6054) (Version: 3.0.2.59 - WildTangent) Hidden Jewel Match Snowscapes (HKLM-x32\...\WTA-43420215-c697-4d80-9005-250ab881eb4f) (Version: 3.0.2.118 - WildTangent) Hidden Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-080ea6bf-8574-4591-bcfe-a7392f82f6d9) (Version: 3.0.2.59 - WildTangent) Hidden Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-62425731-919a-43b4-b718-dcf84732a2ba) (Version: 3.0.2.59 - WildTangent) Hidden Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-8549c664-181b-49f8-b9ed-1c2f1c1be250) (Version: 3.0.2.59 - WildTangent) Hidden Magic Heroes: Save Our Park (HKLM-x32\...\WTA-6ec07954-8c25-4f3b-9b83-e133780b402c) (Version: 3.0.2.59 - WildTangent) Hidden Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-92b9e03a-f821-40c5-b189-44edf2360653) (Version: 3.0.2.59 - WildTangent) Hidden Microsoft OneDrive (HKU\S-1-5-21-3528544182-332038941-3401246441-1002\...\OneDriveSetup.exe) (Version: 22.099.0508.0001 - Microsoft Corporation) Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-c74d770e-de32-43ab-92ff-6810ab3db366) (Version: 3.0.2.59 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Plagiarii (HKLM-x32\...\WTA-13234cd2-bf12-42d9-87cb-bab9599b462f) (Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler 1st Frame (HKLM-x32\...\WTA-48d2392a-42a0-4948-a283-43fe5fab77cd) (Version: 3.0.2.59 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.) Runefall (HKLM-x32\...\WTA-70840a76-9ffd-4f23-8b2b-c5a601894717) (Version: 3.0.2.126 - WildTangent) Hidden Rush Hour! Gas Station (HKLM-x32\...\WTA-6d367f47-0afc-4bba-8e34-93f931e6576f) (Version: 3.0.2.59 - WildTangent) Hidden Sky High Farm (HKLM-x32\...\WTA-8916ed5c-b9b9-44b3-9c2a-61725d9b9df1) (Version: 3.0.2.59 - WildTangent) Hidden Synaptics Pointing Device Driver (HKLM-x32\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM-x32\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden WPS Office (11.2.0.11130) (HKU\S-1-5-21-3528544182-332038941-3401246441-1002\...\Kingsoft Office) (Version: 11.2.0.11130 - Kingsoft Corp.) WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-22] (Amazon.com) Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.218.400.0_x64__kgqvnymyfvs32 [2022-05-26] (king.com) Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.12.80.0_x64__kx24dqmazqk8j [2022-04-30] (Random Salad Games LLC) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-30] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-19] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-17] (Netflix, Inc.) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-09-29] (Random Salad Games LLC) Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-05] (Snapfish) The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2015-12-25] (The Weather Channel.) TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-18] (TripAdvisor LLC) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3528544182-332038941-3401246441-1002_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-3528544182-332038941-3401246441-1002_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers1_S-1-5-21-3528544182-332038941-3401246441-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-3528544182-332038941-3401246441-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\eugeneandteresa\Desktop\Person 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\eugeneandteresa\Desktop\T (T Mark) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\eugeneandteresa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ==================== Loaded Modules (Whitelisted) ============= 2015-07-06 21:37 - 2015-07-06 21:37 - 000127488 _____ () [File not signed] c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2020-08-26 20:10 - 2020-08-26 20:10 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL 2020-08-26 20:10 - 2020-08-26 20:10 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-3528544182-332038941-3401246441-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-3528544182-332038941-3401246441-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM-x32 -> {D8CD7189-C016-4F3E-A662-338FC9BC2F1C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3528544182-332038941-3401246441-1002 -> {D8CD7189-C016-4F3E-A662-338FC9BC2F1C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 04:04 - 2015-07-10 04:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3528544182-332038941-3401246441-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eugeneandteresa\Downloads\IMG_0717.JPG DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B395C93D-E756-47B8-AFF3-E6A81882442B}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{4E57078B-D683-4BC2-AA2C-697A8F99E71F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File FirewallRules: [{41760F8E-DB41-4032-A03B-9480A0CBD96D}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File FirewallRules: [{2DF6422E-A071-482C-AC68-84BB5D248AE8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{4EA3A70C-2F4F-4AE0-8C77-8D4693E71FCE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{D5BBAF24-3FAF-436D-9116-DFC20027D665}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{F10744C6-22B1-4465-B86A-7F9815480ABA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink) FirewallRules: [{BABE52EC-A881-494C-B19F-3572C4C85DA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{D1B1F1AE-375C-4C74-ADDA-C6437679994A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) FirewallRules: [{830885B0-2F6C-431E-A3CF-2A48215FF64D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{67D38694-2BC6-4F8E-A3F6-569D516A1846}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0940E4B8-691A-4B9A-9EF0-0ECC0AB39922}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FC0E0283-D9E3-4717-A6F2-489120266ABA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{314DCD60-728B-4FC3-B88B-2EA6C69314A0}] => (Allow) C:\Users\eugeneandteresa\AppData\Local\Temp\7zS3B40\HP.EasyStart.exe => No File FirewallRules: [{6C550162-E66F-43EA-89B6-9283CE4DA510}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{AE399043-1073-48A7-9C34-19F0368E81FE}] => (Allow) LPort=5357 FirewallRules: [{D528461A-3BDD-4EE8-B3D4-EBEBB01AD69D}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{9FF97159-F972-4581-AA6A-7D2089C411BF}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{103E1CB8-DC4E-44D2-8405-C16D4B7718CC}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{4D9E664E-6C6A-47CA-929C-BE684D84DBB8}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{B6111BA0-60A4-4791-9069-779C382D7C3E}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\promecefpluginhost.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{26D4BD02-B846-43FD-8FEE-8AF85DD1D1F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B1B5E957-F5E9-4EFC-9985-0B0CE76770F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D192121A-3416-47F4-9DB2-B239ECFCD2DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{55011E91-E37A-46CF-9EF4-6987422253E8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D3CADAED-4E7E-4865-8A78-D14BCD95CD4A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Restore Points ========================= 16-04-2022 23:58:48 Windows Modules Installer 13-05-2022 09:51:02 Windows Modules Installer 26-05-2022 20:04:20 Removed swMSM. ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/28/2022 06:53:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSF.exe, version: 8.0.29.6, time stamp: 0x55a0aec4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1706, time stamp: 0x458acb5b Exception code: 0xe0434352 Fault offset: 0x0000000000034fd9 Faulting process id: 0x1da4 Faulting application start time: 0x01d872fced9c04e8 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 8b79fd79-0ad3-4380-872d-9a757bbe1bc1 Faulting package full name: Faulting package-relative application ID: Error: (05/28/2022 06:53:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: HPSF.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.MissingMethodException at HP.SupportAssistant.HPSALight.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at HP.SupportAssistant.HPSALight.App.Main() Error: (05/28/2022 06:40:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PowerDVD14Agent.exe, version: 14.0.1.5418, time stamp: 0x55823d4f Faulting module name: BoomerangLib.dll_unloaded, version: 3.0.0.3818, time stamp: 0x5302d454 Exception code: 0xc0000005 Fault offset: 0x00001000 Faulting process id: 0x18d0 Faulting application start time: 0x01d872fcf861842a Faulting application path: C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe Faulting module path: BoomerangLib.dll Report Id: a03418ab-fa8a-437c-84f5-6ddb3e37c9b6 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2022 08:19:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSF.exe, version: 8.0.29.6, time stamp: 0x55a0aec4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1706, time stamp: 0x458acb5b Exception code: 0xe0434352 Fault offset: 0x0000000000034fd9 Faulting process id: 0x20c8 Faulting application start time: 0x01d87178169cfd41 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 5427b5d7-d73e-40c5-94cc-c275bc742d73 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2022 08:19:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: HPSF.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.MissingMethodException at HP.SupportAssistant.HPSALight.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at HP.SupportAssistant.HPSALight.App.Main() Error: (05/26/2022 08:05:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (05/26/2022 07:41:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSF.exe, version: 8.0.29.6, time stamp: 0x55a0aec4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1706, time stamp: 0x458acb5b Exception code: 0xe0434352 Fault offset: 0x0000000000034fd9 Faulting process id: 0x1e6c Faulting application start time: 0x01d871731babb5e7 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 08800509-b61d-4d9e-b316-2ad26a440e84 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2022 07:41:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: HPSF.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.MissingMethodException at HP.SupportAssistant.HPSALight.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at HP.SupportAssistant.HPSALight.App.Main() System errors: ============= Error: (05/28/2022 06:51:11 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-5NS045K) Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca Error: (05/28/2022 06:46:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240017: 2022-04 Update for Windows 10 Version 21H1 for x64-based Systems (KB5005463). Error: (05/28/2022 06:45:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Storage Service service hung on starting. Error: (05/28/2022 06:43:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The System Guard Runtime Monitor Broker service hung on starting. Error: (05/28/2022 06:41:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting. Error: (05/28/2022 06:41:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (05/28/2022 06:41:07 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-5NS045K) Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca Error: (05/28/2022 06:40:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Windows Defender: ================ Date: 2022-05-14 23:41:04 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-16 00:35:20 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-03-13 10:48:14 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-01-18 23:50:19 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-01-18 00:32:18 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2022-05-26 19:07:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.367.530.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19200.6 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2022-05-26 19:07:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.367.530.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19200.6 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2022-01-14 09:12:30 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.355.1916.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18800.4 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2022-01-02 05:41:35 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. ==================== Memory info =========================== BIOS: Insyde F.12 07/30/2015 Motherboard: HP 8137 Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics Percentage of memory in use: 82% Total physical RAM: 3537.01 MB Available physical RAM: 624.19 MB Total Virtual: 5137.01 MB Available Virtual: 1570.11 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:443.88 GB) (Free:365.14 GB) (Model: WDC WD5000LPVX-60V0TT0) NTFS Drive d: (RECOVERY) (Fixed) (Total:19.75 GB) (Free:2.31 GB) (Model: WDC WD5000LPVX-60V0TT0) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{edf5a484-0761-48ad-a3a2-9e127e8fd8c9}\ () (Fixed) (Total:1.75 GB) (Free:0.86 GB) NTFS \\?\Volume{9b45ea5d-e30f-4003-82d5-cb5d123c8799}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: EFD32010) Partition: GPT. ==================== End of Addition.txt =======================