Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Hwithyll (administrator) on HV551 (LENOVO 81V5) (06-06-2020 20:45:02)
Running from C:\Users\Hwithyll\Downloads
Loaded Profiles: Hwithyll
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: English (United States)
Default browser: "C:\Program Files\Tools\Mozilla\firefox.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\Tools\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\Tools\AMD\CNext\CNext\RadeonSettings.exe
(Henry++) [File not signed] C:\Program Files\Tools\Simplewall\simplewall.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Tools\Mozilla\firefox.exe <6>
(ProtonVPN AG -> ) C:\Program Files (x86)\Tools\ProtonVPN\ProtonVPNService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\Tools\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [855528 2018-12-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\...\Run: [simplewall] => C:\Program Files\Tools\Simplewall\simplewall.exe [709120 2019-11-15] (Henry++) [File not signed]
HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\...\MountPoints2: {0a414359-02fc-11ea-a21c-98fa9b04816a} - "E:\autorun.exe"
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07B1C6AD-F774-4AD2-899C-5F62F16DF54F} - System32\Tasks\StartCN => C:\Program Files\Tools\AMD\CNext\CNext\cncmd.exe [61112 2019-10-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {29580861-654D-429B-AF96-26831AF828C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CE5A1FA-89B9-4BE7-A8A2-FE92C164170A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90A64A8D-B3A5-429F-ACD3-C21F7B41F506} - System32\Tasks\StartDVR => C:\Program Files\Tools\AMD\CNext\CNext\RSServCmd.exe [68280 2019-10-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {AF1605AB-F1E7-4F95-A46C-89C780829ACD} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe [2356736 2019-04-15] () [File not signed]
Task: {D281CFFD-5A19-46A1-8DD2-83C5B8053C9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2EF803B-8EE2-4881-BDD3-AA8A10BB73B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F593FA8E-7FA6-4D6D-A852-78592D1978B9} - System32\Tasks\Mozilla\Firefox Default Browser Agent DC7106893C83CC55 => C:\Program Files\Tools\Mozilla\default-browser-agent.exe [124112 2020-06-05] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5c83dcfa-9a5a-4004-8081-cbd11649829e}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: v23zpqjl.default
FF ProfilePath: C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\v23zpqjl.default [2019-12-10]
FF ProfilePath: C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release [2020-06-06]
FF Homepage: Mozilla\Firefox\Profiles\ffv8osyh.default-release -> about:blank
FF Extension: (AdGuard AdBlocker) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\adguardadblocker@adguard.com.xpi [2020-06-04]
FF Extension: (I don't care about cookies) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2020-05-25]
FF Extension: (English (GB) Language Pack) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2020-06-05]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2020-05-28]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: Firefox-DC7106893C83CC55 - C:\Program Files\Tools\Mozilla\firefox.exe
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\Tools\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atiesrxx.exe [509352 2019-10-24] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-04-15] (BattlEye Innovations e.K. -> )
S4 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602768 2018-11-21] (Dolby Laboratories, Inc. -> )
S3 FMAPOService; C:\WINDOWS\System32\FMService64.exe [312912 2018-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ProtonVPN Service; C:\Program Files (x86)\Tools\ProtonVPN\ProtonVPNService.exe [99560 2019-10-21] (ProtonVPN AG -> )
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [345520 2019-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2548224 2020-02-27] (Sony) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1386912 2019-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [352256 2018-12-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-11-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [60912 2019-01-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atikmdag.sys [60658592 2019-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atikmpag.sys [598440 2019-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-10-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-10-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Tools\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 SASDIFSV; C:\Program Files\Tools\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\Tools\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41728 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42240 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [55648 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 SynTP; C:\WINDOWS\System32\drivers\SynTP.sys [757024 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
S3 SynTPFilterHID; C:\WINDOWS\System32\drivers\SynTP.sys [757024 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-06 20:45 - 2020-06-06 20:45 - 000013044 _____ C:\Users\Hwithyll\Downloads\FRST.txt
2020-06-06 20:44 - 2020-06-06 20:45 - 000000000 ____D C:\FRST
2020-06-06 20:44 - 2020-06-06 20:44 - 000000000 ____D C:\Users\Hwithyll\Downloads\FRST-OlderVersion
2020-06-06 20:43 - 2020-06-06 20:44 - 002289152 _____ (Farbar) C:\Users\Hwithyll\Downloads\FRST64.exe
2020-06-06 14:50 - 2020-06-06 19:11 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\vlc
2020-06-06 14:46 - 2020-06-06 14:46 - 000000902 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-06 14:46 - 2020-06-06 14:46 - 000000902 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-06 13:19 - 2020-06-06 13:24 - 042544720 _____ C:\Users\Hwithyll\Downloads\vlc-3.0.10-win64.exe
2020-06-05 12:55 - 2020-06-05 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-02 17:06 - 2020-06-02 17:06 - 000702658 _____ C:\Users\Hwithyll\Downloads\387-TS-4215-LS_HSA Cleaning Catering JD.pdf
2020-05-26 12:45 - 2020-05-26 12:45 - 040550000 _____ (AMD Inc.) C:\Users\Hwithyll\Downloads\radeon-software-adrenalin-2020-20.2.2-minimalsetup-200304_64bit.exe
2020-05-26 12:25 - 2020-05-26 12:25 - 000000000 ____D C:\Users\Hwithyll\Desktop\Update phone project
2020-05-26 12:23 - 2020-05-26 12:23 - 000002271 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2020-05-26 12:23 - 2020-05-26 12:23 - 000002271 _____ C:\ProgramData\Desktop\Xperia Companion.lnk
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Users\Hwithyll\Documents\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\Apple Computer
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Program Files\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Program Files (x86)\Sony
2020-05-26 12:19 - 2020-05-26 12:20 - 082335312 _____ (Sony) C:\Users\Hwithyll\Downloads\XperiaCompanion.exe
2020-05-16 22:24 - 2020-05-26 14:56 - 000000347 _____ C:\Users\Hwithyll\Desktop\list.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-06 20:38 - 2019-10-31 23:53 - 000000000 ____D C:\WINDOWS\INF
2020-06-06 20:38 - 2019-10-31 16:11 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-06 20:33 - 2019-11-20 12:01 - 000000000 ____D C:\Users\Hwithyll\AppData\LocalLow\Mozilla
2020-06-06 20:31 - 2019-11-05 23:38 - 000000000 ____D C:\Users\Hwithyll\Documents\888poker
2020-06-06 20:31 - 2019-10-31 23:55 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-06 20:31 - 2019-10-31 23:49 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-06 20:31 - 2019-10-31 16:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-06 20:22 - 2019-10-31 23:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-06 20:03 - 2019-10-31 16:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-06 19:16 - 2019-12-04 14:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-06 17:48 - 2019-10-31 23:52 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\audacity
2020-06-06 12:34 - 2020-03-08 10:22 - 000002434 _____ C:\Users\Hwithyll\Desktop\PrivvyBrowse.lnk
2020-06-05 12:55 - 2019-12-04 14:23 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-05 12:55 - 2019-10-31 16:32 - 000000000 ____D C:\Program Files\Tools
2020-06-04 18:34 - 2019-11-01 00:07 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\tixati
2020-06-04 16:08 - 2019-12-12 10:19 - 000000000 ___RD C:\Users\Hwithyll\Desktop\Games
2020-06-02 14:07 - 2020-02-29 04:04 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\Arma 3 Launcher
2020-06-02 12:49 - 2020-02-29 04:12 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\Arma 3
2020-05-31 13:16 - 2019-12-18 00:49 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-05-27 16:56 - 2019-10-31 16:15 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\D3DSCache
2020-05-26 15:53 - 2019-10-30 20:21 - 000000000 ____D C:\Users\Hwithyll\Documents\Paradox Interactive
2020-05-26 12:45 - 2020-04-15 15:59 - 000000000 ____D C:\AMD
2020-05-26 12:23 - 2019-11-01 03:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-26 12:00 - 2019-11-12 14:08 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\ImageGlass
2020-05-25 22:26 - 2019-12-03 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2020-05-25 22:26 - 2019-10-31 23:49 - 000000000 ____D C:\WINDOWS\Panther
==================== Files in the root of some directories ========
2019-11-03 01:20 - 2020-01-19 17:51 - 000007616 _____ () C:\Users\Hwithyll\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================