Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-06-2022 01
Ran by eugeneandteresa (administrator) on DESKTOP-5NS045K (HP HP Notebook) (04-06-2022 14:55:19)
Running from C:\Users\eugeneandteresa\Desktop
Loaded Profiles: eugeneandteresa
Platform: Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <3>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(services.exe ->) () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(svchost.exe ->) (Dropbox, Inc -> ) C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-3528544182-332038941-3401246441-1002\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3528544182-332038941-3401246441-1002\...\Run: [MicrosoftEdgeAutoLaunch_721D4E0E443E49309379589FE12DB6DB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3595192 2022-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\WINDOWS\system32\hpinkstsD711LM.dll [383496 2014-12-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4520 series): C:\WINDOWS\system32\HPDiscoPMD711.dll [807432 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-10] (Microsoft Windows Hardware Compatibility Publisher -> HP)
HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-06-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2022-04-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11E863AA-932D-4EBA-B0F7-7D309324AB2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1609AA4F-95D0-4A92-8785-76F4D5706494} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4688664 2022-04-07] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 09995f44-1518-419e-8ed1-9b24feee8f9e
Task: {1AA4210D-4ECE-480E-8EEC-38BE7C5C6657} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {3C525D08-FF16-48AA-9468-3C9DA199716C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3D348F22-009B-444D-A251-71BA8BA7954C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {48823B51-4F81-4672-89A9-024858FD1D38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {842FB748-1833-4718-BBEC-922D541F4539} - System32\Tasks\WpsExternal_eugeneandteresa_20220510085141 => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wpscloudsvr.exe [1061120 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CDD42170-5868-47DE-BF09-6A3D959A4787} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [511344 2015-06-19] (Dropbox, Inc -> )
Task: {D0CA2AC0-EF8D-459C-BC79-3B77AE6B7486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-27] (Google Inc -> Google Inc.)
Task: {D63D5647-8D63-41E6-993C-7C07645BB044} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-27] (Google Inc -> Google Inc.)
Task: {DBF78A08-3AB1-40DA-8B73-9756E2118970} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6634776 2022-03-29] (Avast Software s.r.o. -> Avast Software)
Task: {E40C66C4-F42F-4B39-BC4C-09977CB4C8D5} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1227032 2022-04-07] (Avast Software s.r.o. -> AVAST Software)
Task: {EED38363-19A0-4F12-A7FF-9D62E991277D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {F1F9BBF6-6686-438D-8BD7-7BFE64A789BD} - System32\Tasks\WpsUpdateTask_eugeneandteresa => C:\Program Files (x86)\Kingsoft\WPS Office\11.2.0.11130\office6\wpsupdate.exe [170752 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_eugeneandteresa.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4dd7e44-d672-4bd8-b603-a928b0a41bf8}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-3528544182-332038941-3401246441-1002 -> hxxp://www.google.com/
Edge DefaultProfile: Default
Edge Profile: C:\Users\eugeneandteresa\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-04]
Edge HomePage: Default -> hxxp://www.google.com/

FireFox:
========
FF DefaultProfile: vheqgxg1.default
FF ProfilePath: C:\Users\eugeneandteresa\AppData\Roaming\Mozilla\Firefox\Profiles\vheqgxg1.default [2022-06-04]
FF Homepage: Mozilla\Firefox\Profiles\vheqgxg1.default -> www.google.com
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default [2022-06-04]
CHR Extension: (Slides) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-03]
CHR Extension: (Sheets) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-08]
CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-26]
CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-05-29]
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\eugeneandteresa\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-06] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-06-03] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9692952 2022-04-07] (Avast Software s.r.o. -> AVAST Software)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [1061120 2022-05-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59008 2022-01-26] (Avast Software s.r.o. -> Avast Software)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [103888 2022-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194512 2022-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74688 2022-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-06-04] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl8369ea73; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54B7905D-F36F-492A-897E-B2B799F9E012}\MpKslDrv.sys [137464 2022-06-04] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-04 14:52 - 2022-06-04 14:52 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\CrashDumps
2022-06-04 14:47 - 2022-06-04 14:47 - 000194512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-06-04 14:47 - 2022-06-04 14:47 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-06-04 14:47 - 2022-06-04 14:47 - 000074688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-06-03 19:30 - 2022-06-03 19:30 - 000001532 _____ C:\Users\eugeneandteresa\Desktop\Malwarebytes Log.txt
2022-06-03 18:54 - 2022-06-03 18:54 - 000004640 _____ C:\Users\eugeneandteresa\Desktop\AdwCleaner[C02].txt
2022-06-03 09:02 - 2022-06-03 09:02 - 000001538 _____ C:\Users\eugeneandteresa\Desktop\Malwarebytes Report.txt
2022-06-03 08:28 - 2022-06-03 08:28 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-03 08:28 - 2022-06-03 08:28 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-03 08:28 - 2022-06-03 08:28 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\mbam
2022-06-03 08:27 - 2022-06-03 08:27 - 000239560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-03 08:27 - 2022-06-03 08:27 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-06-03 08:27 - 2022-06-03 08:25 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-03 08:26 - 2022-06-03 08:25 - 000103888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-03 08:25 - 2022-06-03 08:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-03 08:25 - 2022-06-03 08:25 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-03 08:21 - 2022-06-03 08:21 - 002546400 _____ (Malwarebytes) C:\Users\eugeneandteresa\Desktop\MBSetup.exe
2022-06-03 08:21 - 2022-06-03 08:21 - 000010213 _____ C:\Users\eugeneandteresa\Desktop\AdwCleaner[S00].txt
2022-06-03 08:16 - 2022-06-03 18:43 - 000000000 ____D C:\AdwCleaner
2022-06-03 08:15 - 2022-06-03 08:15 - 008551608 _____ (Malwarebytes) C:\Users\eugeneandteresa\Desktop\AdwCleaner.exe
2022-06-02 22:56 - 2022-06-02 22:56 - 000001362 _____ C:\Users\eugeneandteresa\Desktop\eset.txt
2022-06-02 11:00 - 2022-06-02 11:00 - 000001289 _____ C:\Users\eugeneandteresa\Desktop\ESET Online Scanner.lnk
2022-06-02 10:59 - 2022-06-02 10:59 - 000001395 _____ C:\Users\eugeneandteresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-06-02 10:59 - 2022-06-02 10:59 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\ESET
2022-06-02 10:57 - 2022-06-02 10:57 - 015274968 _____ (ESET) C:\Users\eugeneandteresa\Desktop\esetonlinescanner.exe
2022-06-01 12:40 - 2022-06-01 12:40 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\OneDrive
2022-05-30 12:06 - 2022-05-30 12:06 - 018376648 _____ C:\Users\eugeneandteresa\Desktop\SOFTWARE.zip
2022-05-30 12:00 - 2022-05-30 12:00 - 084934656 _____ C:\Users\eugeneandteresa\Desktop\SOFTWARE
2022-05-29 10:28 - 2022-06-04 14:43 - 000008242 _____ C:\Users\eugeneandteresa\Desktop\Fixlog.txt
2022-05-29 10:28 - 2022-05-29 10:28 - 000002331 _____ C:\Users\eugeneandteresa\Desktop\cbwqexehhi.txt
2022-05-28 19:04 - 2022-06-04 14:31 - 000028546 _____ C:\Users\eugeneandteresa\Desktop\Addition.txt
2022-05-28 18:56 - 2022-06-04 15:00 - 000020167 _____ C:\Users\eugeneandteresa\Desktop\FRST.txt
2022-05-24 21:37 - 2022-06-04 14:17 - 000000000 ____D C:\Users\eugeneandteresa\Desktop\FRST-OlderVersion
2022-05-24 21:35 - 2022-06-04 14:58 - 000000000 ____D C:\FRST
2022-05-24 21:35 - 2022-06-04 14:17 - 002368000 _____ (Farbar) C:\Users\eugeneandteresa\Desktop\FRST64.exe
2022-05-13 13:57 - 2022-05-13 13:57 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-05-13 13:55 - 2022-05-13 13:55 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-05-13 13:54 - 2022-05-13 13:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-05-13 09:55 - 2022-05-13 09:55 - 000000000 ___HD C:\$WinREAgent
2022-05-10 08:51 - 2022-05-10 08:51 - 000004124 _____ C:\WINDOWS\system32\Tasks\WpsExternal_eugeneandteresa_20220510085141
2022-05-10 08:51 - 2022-05-10 08:51 - 000003806 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_eugeneandteresa

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-04 15:03 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-04 14:59 - 2015-12-25 00:33 - 000000000 ____D C:\Users\eugeneandteresa\Documents\YouCam
2022-06-04 14:54 - 2020-08-26 20:45 - 000004186 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{254E50A2-B31B-4F36-95C6-F0991617D5F2}
2022-06-04 14:49 - 2016-04-27 12:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-04 14:46 - 2020-08-26 20:45 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-06-04 14:46 - 2020-08-26 20:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-04 14:46 - 2020-08-26 20:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-04 14:46 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-06-04 14:46 - 2015-09-06 20:12 - 000000000 ____D C:\ProgramData\AVAST Software
2022-06-04 14:45 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-04 14:45 - 2017-10-05 13:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-06-04 14:14 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-04 14:08 - 2020-08-26 20:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-04 13:48 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-04 13:47 - 2020-07-21 09:34 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-04 13:47 - 2020-07-21 09:34 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-03 18:53 - 2015-07-23 00:57 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-06-03 18:53 - 2015-07-23 00:29 - 000000000 ____D C:\Program Files\Hewlett-Packard
2022-06-03 18:53 - 2015-07-23 00:29 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-06-03 18:53 - 2015-07-22 21:57 - 000000000 ___HD C:\hp
2022-06-03 18:52 - 2015-12-25 00:37 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Roaming\Hewlett-Packard
2022-06-03 18:52 - 2015-12-25 00:37 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\Hewlett-Packard
2022-06-03 08:27 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-02 15:30 - 2016-04-27 12:10 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-02 15:30 - 2016-04-27 12:10 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-02 11:00 - 2018-07-10 12:39 - 000000000 ____D C:\ProgramData\Packages
2022-05-29 14:22 - 2020-08-26 20:05 - 000000000 ____D C:\Users\eugeneandteresa
2022-05-29 13:25 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-05-28 18:46 - 2022-04-30 08:51 - 000002416 _____ C:\Users\eugeneandteresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-28 18:46 - 2021-12-11 10:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3528544182-332038941-3401246441-1002
2022-05-28 18:46 - 2020-08-26 20:45 - 000003398 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3528544182-332038941-3401246441-1002
2022-05-28 18:41 - 2017-12-04 10:36 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\Packages
2022-05-24 21:29 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-05-23 19:56 - 2016-07-04 12:26 - 000000000 ____D C:\ProgramData\HP
2022-05-15 08:55 - 2020-08-26 20:24 - 000934962 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-05-15 00:00 - 2020-08-26 20:01 - 000276080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-05-14 23:56 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-14 00:01 - 2019-12-27 12:17 - 000000000 ____D C:\Users\eugeneandteresa\AppData\Local\ElevatedDiagnostics
2022-05-13 23:57 - 2015-12-25 11:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-05-13 14:17 - 2015-12-25 11:39 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================