Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2023
Ran by William (administrator) on WISC (Dell Inc. Inspiron 5547) (17-09-2023 16:15:49)
Running from C:\Users\William\Downloads\FRST64.exe
Loaded Profiles: William
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) () [File not signed] C:\Program Files\TechSmith\Snagit 2020\crashpad_handler.exe <2>
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagitEditor.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagPriv.exe
(C:\Windows\SoftwareDistribution\Download\Install\UpdatePlatform.amd64fre.exe ->) () [File not signed] C:\Windows\Temp\08C5ACF5-B8BD-43EB-94DB-F2D8935D1CF9\MpSigStub.exe
(explorer.exe ->) (Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\80.0.1.0\crashpad_handler.exe <3>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <41>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <23>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Entertainment Experience LLC -> ) C:\Program Files\TrueColor\TrueColorALS.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2334.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(svchost.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(wuauclt.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\UpdatePlatform.amd64fre.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience LLC -> Entertainment Experience)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9486816 2020-07-23] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (No File)
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7958112 2022-04-12] (Proton Technologies AG -> )
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [] => [X]
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Run: [MicrosoftEdgeAutoLaunch_EE213862BE90D094A66B18E1372843D4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4107728 2023-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\MountPoints2: {ce89b8dd-3653-11ec-82c3-3417eb6d4c5f} - "E:\DTVP_Launcher.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-17] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [719848 2022-04-13] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\PDF-XChange Standard Port Monitor: C:\WINDOWS\system32\pxcpm.dll [957184 2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\115.0.21984.172\Installer\chrmstp.exe [2023-08-15] (AVG Technologies USA, LLC -> AVG Technologies)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.97\Installer\chrmstp.exe [2023-08-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 13.lnk [2021-09-20]
ShortcutTarget: Snagit 13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAndroidAppHelper.lnk [2022-10-21]
ShortcutTarget: WSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAndroidAppHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAppHelper.lnk [2022-10-21]
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe (No File)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk [2020-08-15]
ShortcutTarget: RT-Updater.lnk -> C:\Program Files (x86)\Ross-Tech\VCDS\VCDS.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0856B427-8129-40AD-850F-5E43B60219D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {17753107-6AFB-4F39-A021-94FE2E0321BA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {34F544AA-91B9-40FD-917C-F4BFE720B9F8} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {3827666B-086E-4886-B92B-3FBD0E39FA8B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3B7D4840-927B-41D4-94EF-144B1431479D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {47337B40-E0BE-47BB-B4C1-C28A37455D1F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {656717BF-3EE5-4229-97BD-DF6540EABAE8} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {A22694E3-0124-47D6-9DFF-07D485D7789F} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {A49A7402-2BC4-4AA3-90E9-3333B4DD0B29} - \WPD\SqmUpload_S-1-5-21-1711854232-1882592926-4052355929-1001 -> No File <==== ATTENTION
Task: {BED74B6C-F1D1-442D-B881-F15343F8C301} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {02228A00-5B52-48F2-A062-8DD26FA807E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {98F5C47C-7037-4181-BF98-7F59550EAFC5} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [3358576 2023-08-04] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {5D34A618-0A01-44CE-A789-DE4E13B944A5} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [3358576 2023-08-04] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {B96139E2-D14C-4821-9F66-864B2A4E7117} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {5D64F803-ADE4-4FD9-8A1D-DF38A007688A} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {0B37F8C0-8985-41E3-B3E5-A62C1A8C600D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5308592 2023-07-30] (Microsoft Windows -> Microsoft Corporation)
Task: {2E51153F-BFEF-47EB-AD65-205279DC130A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-25] (Google Inc -> Google Inc.)
Task: {696E0B6F-5B3C-454C-8530-B430FE2959AC} - System32\Tasks\GoogleUpdateTaskMachineCore1d57958dbfc8652 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-25] (Google Inc -> Google Inc.)
Task: {58756D50-D7D8-454C-8032-CFA27C68B0F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-25] (Google Inc -> Google Inc.)
Task: {9255C797-5329-4D0A-97C0-781D7901587D} - System32\Tasks\GoogleUpdateTaskMachineUA1d57958dc26f949 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-25] (Google Inc -> Google Inc.)
Task: {51E17FDD-AA68-4E31-8DEB-2EAFD86CDB09} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {150D22F2-C3FD-4566-BBBE-B639D5FB1C85} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE7DE309-38C0-412A-A785-31C85A3B38A6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1BF852A8-EAD6-4F85-B53F-9914BBEA7F8B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {32E6EC1C-8DEC-45BF-9278-A96E109CC40C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {29B1BF2E-E25C-4A28-882B-1D8DDB06E109} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {6A0590AD-9E38-40BF-892E-6A387C4E58F7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => %windir%\UpdateAssistant\UpdateAssistant.exe
Task: {9E06EED2-6E45-456B-BC3F-B7B222D58034} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => %windir%\UpdateAssistant\UpdateAssistant.exe
Task: {20CD4EE5-6D27-4563-BE32-F38B626FF65A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => %windir%\UpdateAssistant\UpdateAssistant.exe
Task: {AA69960E-5BB2-4EC3-87F7-388A09D10732} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => %windir%\UpdateAssistant\UpdateAssistant.exe
Task: {DB15BD27-34A5-4B6F-AF54-6891AF92E980} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {E540A869-2A81-4A95-B706-529C1479AD10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D90B33DB-F75C-418B-9AD5-B75606BBD00D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E8F558A-6C04-4939-BB5E-5D1B00640662} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63784F60-8F71-49C5-9937-29E674728B93} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe join (No File)
Task: {C47380F9-4173-48B0-97D8-916021821ED8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink -> CyberLink)
Task: {27A73461-F29E-455D-8558-57E38C7C7A29} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-09-17] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {722255C6-2A98-476A-A631-DDF95805ADD7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {1CED2FD4-BD55-488A-B664-0F0AAEEBED0A} - System32\Tasks\NCH Software\PhotoPadDowngrade => C:\Program Files (x86)\NCH Software\PhotoPad\photopad.exe [6827688 2023-01-23] (NCH Software, Inc. -> NCH Software)
Task: {0FD4B3C3-6A66-400C-8A5A-F808B4E1B3A0} - System32\Tasks\NCH Software\PhotoPadSevenDays => C:\Program Files (x86)\NCH Software\PhotoPad\PhotoPad.exe [6827688 2023-01-23] (NCH Software, Inc. -> NCH Software)
Task: {B3CEB0F0-69D8-4F1C-A894-C45171B549A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-01] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {9776BE67-732B-45BF-B8BF-D6371E5EEFFE} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [71232 2016-09-06] (TechSmith Corporation -> TechSmith Corporation)
Task: {14EAFFF8-DB0C-4876-94BA-08B1AC72CB3F} - System32\Tasks\WpsExternal_William_20230730181644 => C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\wpscloudsvr.exe [1065864 2023-07-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {7071630F-2DFC-466D-AA58-31758A80D8CF} - System32\Tasks\WpsUpdateTask_William => C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\wpsupdate.exe [174472 2023-07-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{419698ca-8b5f-4af8-9212-1d67fa5abe04}: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{5223d69f-2f71-4668-81e5-89d01eb7eff8}: [DhcpNameServer] 192.168.2.1 207.164.234.129

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\William\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-17]
Edge Extension: (Edge relevant text changes) - C:\Users\William\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-17]
Edge HKLM\...\Edge\Extension: [djmbpijobamaimdblhkpclfnpkiogeoo]
Edge HKLM-x32\...\Edge\Extension: [djmbpijobamaimdblhkpclfnpkiogeoo]

FireFox:
========
FF DefaultProfile: 25rzu7lt.default
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\25rzu7lt.default [2023-09-17]
FF Homepage: Mozilla\Firefox\Profiles\25rzu7lt.default -> hxxps://accounts.google.com/info/sessionexpired?service=mail&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&flowName=GlifWebSignIn&flowEntry=AccountChooser&cid=1&TL=ADFpJfOrMbloag5QIOsyAEwy2u4Pj21sz550nvtLnqMw9km809i7-hWD061O7GNa
FF Session Restore: Mozilla\Firefox\Profiles\25rzu7lt.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\25rzu7lt.default -> hxxps://www.textnow.com; hxxps://mail.google.com
FF Extension: (Custom Search Tool) - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\25rzu7lt.default\Extensions\addon@customsearchtool.com.xpi [2022-10-19] [UpdateUrl:hxxps://home.customsearchtool.com/firefox/updates]
FF Extension: (Cisco Webex Extension) - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\25rzu7lt.default\Extensions\ciscowebexstart1@cisco.com.xpi [2022-07-22]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\25rzu7lt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-07-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\npAvgBrowserUpdate3.dll [2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\npAvgBrowserUpdate3.dll [2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1711854232-1882592926-4052355929-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1711854232-1882592926-4052355929-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1711854232-1882592926-4052355929-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-05-29]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2023-09-17]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://personal.hsbc.ca
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-22]
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-14]
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\System Profile [2023-04-01]
CHR HKLM\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid]
CHR HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies) S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2022-12-13] (AVG Technologies USA, LLC -> AVG Technologies) S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\115.0.21984.172\elevation_service.exe [2037320 2023-08-04] (AVG Technologies USA, LLC -> AVG Technologies) S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> ) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] R2 MFLocalService; C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe [56128 2022-06-29] (Shenzhen iMyFone Technology Co., Ltd -> ) S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [122464 2022-04-12] (Proton Technologies AG -> ) S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [65632 2022-04-12] (Proton Technologies AG -> ) S3 ProtonVPN WireGuard; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe [50784 2022-04-12] (Proton Technologies AG -> ) R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation) R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] (Entertainment Experience LLC -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows 
Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [277240 2022-09-15] (Wondershare Technology Group Co.,Ltd -> Wondershare) S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X] S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 clwvd; C:\WINDOWS\System32\drivers\clwvd.sys [31216 2012-06-14] (CyberLink -> CyberLink Corporation) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [29160 2018-07-27] (Dell Inc -> OSR Open Systems Resources, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R3 UsbDk; C:\WINDOWS\System32\Drivers\UsbDk.sys [103128 2020-03-13] (Red Hat, Inc. -> Red Hat Inc.) 
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-09-17] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-17] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2022-05-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-05-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) U3 avgbdisk; no ImagePath S3 cpuz153; \??\C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys [X] S3 MpKsl91c66e91; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{864CAC16-5AC6-4533-B62C-57CFA97F7083}\MpKslDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-09-17 16:15 - 2023-09-17 16:22 - 000038889 _____ C:\Users\William\Downloads\FRST.txt 2023-09-17 16:15 - 2023-09-17 16:15 - 000000000 ____D C:\Users\William\Downloads\FRST-OlderVersion 2023-09-17 16:13 - 2023-09-17 16:18 - 000000000 ____D C:\FRST 2023-09-17 16:09 - 2023-09-17 16:09 - 000000000 ____D C:\Users\William\NCH Software Suite 2023-09-17 16:08 - 2023-09-17 16:15 - 002382848 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe 2023-09-17 14:23 - 2023-09-17 14:23 - 000000000 ____D C:\Users\William\Documents\TotalAV 2023-09-17 14:19 - 2023-09-17 14:19 - 000000000 ____D C:\ProgramData\SecuritySuite 2023-09-17 14:18 - 2023-09-17 14:18 - 000000000 ____D C:\Users\William\AppData\Local\GUI 2023-09-17 12:48 - 2023-09-17 13:52 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-09-17 12:25 - 2023-09-17 12:25 - 000000000 ___HD C:\$WinREAgent 2023-08-22 17:36 - 2023-08-22 17:36 - 000000000 ____D C:\Program Files\AVG 2023-08-22 17:35 - 2023-08-22 18:12 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-09-17 16:15 - 2018-03-20 22:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-09-17 16:09 - 2023-02-05 12:29 - 000001370 _____ C:\Users\Public\Desktop\NCH Suite.lnk 2023-09-17 16:09 - 2023-02-05 12:29 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk 2023-09-17 16:09 - 2023-02-05 12:29 - 000001218 _____ C:\Users\Public\Desktop\PhotoPad Image Editor.lnk 2023-09-17 16:09 - 2021-12-23 01:20 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-09-17 16:09 - 2020-11-26 01:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2023-09-17 16:09 - 2020-11-26 01:11 - 000000000 ____D C:\Users\William 2023-09-17 16:09 - 2018-03-25 21:11 - 000000000 ____D C:\Program Files (x86)\Google 2023-09-17 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-09-17 16:00 - 2016-07-24 12:24 - 000000000 ___RD C:\Users\William\OneDrive 2023-09-17 15:48 - 2022-02-11 10:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-09-17 15:39 - 2020-11-26 01:32 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2023-09-17 15:38 - 2022-10-11 19:37 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2023-09-17 15:38 - 2022-10-11 19:37 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2023-09-17 15:31 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF 2023-09-17 15:27 - 2018-03-19 15:17 - 000000000 ____D C:\Program Files\Microsoft Office 2023-09-17 15:16 - 2016-07-24 16:48 - 000000000 __SHD C:\Users\William\IntelGraphicsProfiles 2023-09-17 15:16 - 2016-07-24 16:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2023-09-17 15:14 - 2020-11-26 01:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-09-17 15:14 - 2020-11-26 01:05 - 000008192 ___SH C:\DumpStack.log.tmp 2023-09-17 15:14 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-09-17 15:12 - 2019-12-07 05:14 - 
000000000 ___HD C:\WINDOWS\ELAMBKUP 2023-09-17 15:12 - 2018-03-19 15:32 - 000000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Excel 2023-09-17 14:14 - 2021-09-20 12:37 - 000000000 ____D C:\Users\William\AppData\Local\CrashDumps 2023-09-17 13:52 - 2020-11-26 01:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-09-17 13:52 - 2018-11-27 14:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-09-17 13:42 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-09-17 13:16 - 2018-11-27 14:12 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-09-17 13:06 - 2022-02-28 17:57 - 000000000 ____D C:\ProgramData\AVG 2023-09-17 13:05 - 2022-02-28 18:07 - 000000000 ____D C:\Users\William\AppData\Local\AVG 2023-09-17 12:10 - 2021-08-31 16:27 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2023-09-17 12:10 - 2021-08-31 16:27 - 000002015 _____ C:\Users\Default\Desktop\Google Slides.lnk 2023-09-17 12:10 - 2021-08-31 16:27 - 000002015 _____ C:\Users\Default\Desktop\Google Sheets.lnk 2023-09-17 12:10 - 2021-08-31 16:27 - 000002003 _____ C:\Users\Default\Desktop\Google Docs.lnk 2023-08-31 12:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-08-31 12:04 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-08-31 10:29 - 2020-06-18 18:49 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-08-31 10:29 - 2020-06-18 18:49 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-08-31 10:13 - 2020-10-01 23:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-08-31 10:08 - 2021-12-11 10:49 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1711854232-1882592926-4052355929-1001 2023-08-31 10:08 - 2020-11-26 01:32 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1711854232-1882592926-4052355929-1001 2023-08-31 
10:08 - 2020-11-26 01:11 - 000002431 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-08-22 18:07 - 2021-05-12 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2023-08-22 18:06 - 2021-05-12 13:04 - 000000000 ____D C:\Program Files\7-Zip 2023-08-22 17:36 - 2022-09-11 10:12 - 000446204 _____ C:\WINDOWS\system32\prfh0404.dat 2023-08-22 17:36 - 2022-09-11 10:12 - 000138306 _____ C:\WINDOWS\system32\prfc0404.dat 2023-08-22 17:36 - 2020-11-26 01:23 - 001407590 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-08-22 17:29 - 2020-11-26 01:05 - 000487328 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-08-22 17:25 - 2022-09-11 10:11 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANT 2023-08-22 17:25 - 2022-09-11 10:11 - 000000000 ____D C:\WINDOWS\system32\zh-HANT 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2023-08-22 
17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-08-22 17:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-08-22 17:14 - 2020-01-23 10:57 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-08-22 17:14 - 2020-01-23 10:57 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======== 2023-02-05 12:47 - 2023-02-05 12:47 - 000385875 _____ () C:\Users\William\AppData\Roaming\PhotoPad.dmp ==================== FLock ============================== 2018-10-12 09:17 C:\WINDOWS\UpdateAssistant ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================