Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by user (administrator) on D-HQHKC5J (Dell Inc. OptiPlex 390) (23-05-2020 07:58:12)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2015-05-27] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108728 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075640742\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075640742\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-22] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2501339640-696855395-2274928616-2129034-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642874\Software\Policies\...\system: [ExcludeProfileDirs] AppData\Roaming\Microsoft\Credentials;AppData\Roaming\Microsoft\Crypto;AppData\Roaming\Microsoft\Protect;AppData\Roaming\Microsoft\SystemCertificates;Application Data\Microsoft\Crypto;Application Data (the data entry has 64 more characters).
HKU\S-1-5-21-2985094146-353643522-339492997-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2985094146-353643522-339492997-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2985094146-353643522-339492997-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075641821\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2985094146-353643522-339492997-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075641821\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2019-09-14]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16D33B63-509A-407D-B679-043602EB40A1} - System32\Tasks\{FCFFC128-F7E1-4DCA-A695-133412AD9A39} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\Techgzone_0xc000007b.exe -d C:\Users\user\Downloads
Task: {2280FEDB-456E-4BB0-A064-EC1DFB8B9F5B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-29] (Avast Software s.r.o. -> Avast Software)
Task: {2E0DCE9F-0783-478D-8C82-D5E1B0300F91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-21] (Adobe Inc. -> Adobe)
Task: {3D3324EB-88A1-4CBB-A471-3BB220DDCE42} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {422E83B3-46B3-4983-8D0E-B367E841123D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {46E6552B-BBC6-48CC-A518-D12BF799B5AD} - System32\Tasks\{E5DC6700-732B-4B28-A164-DD6878843A64} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Downloads\Love Tree_content_add_PHOTOBOOKS (RapidStudio Support's conflicted copy 2016-12-29).exe" -d C:\Users\user\Downloads
Task: {4FC9CE6C-4FAB-476D-93A5-EAFED5E7558B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-05-21] (Adobe Inc. -> Adobe)
Task: {552EC433-4970-4F6B-95DA-51D7560F8FCD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3339472 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
Task: {5AE42F02-6C70-4DDC-A44E-AF523152A18A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-18] (Google Inc -> Google Inc.)
Task: {6EBF27C6-5766-47B8-A043-03482F95D21F} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [910008 2013-09-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {83A2B6D1-9E7B-400B-A481-1ECAC95ED543} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection => {4ca7a766-13d8-4652-8016-b01a03117903}
Task: {9866499A-F9A4-4282-8F9F-05279B62C59E} - System32\Tasks\{6C95F641-0844-440E-936C-6F9A61D34E9D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AviSynth\Uninstall.exe"
Task: {A4F8843F-1417-4E4B-8CD5-155180CDB66D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe [1454136 2020-05-21] (Adobe Inc. -> Adobe)
Task: {A713C41D-A26B-4893-ADCF-9C09525F0920} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-18] (Google Inc -> Google Inc.)
Task: {EAE34642-FEE0-4B43-8A39-9A7FB666DCDA} - System32\Tasks\{1EB9C7A0-3CDF-4190-B599-9F960EE4DAE7} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {FE91FBB5-8104-4518-9F1C-3DB6C1C0BAAD} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-09-14] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{3754F336-68F1-4495-8815-41F870833DF0}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-2501339640-696855395-2274928616-2129034-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642874\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2501339640-696855395-2274928616-2129034-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642874\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dsvcentral.dsv.com
HKU\S-1-5-21-2501339640-696855395-2274928616-2129034-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642874\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://dsvcentral.dsv.com
HKU\S-1-5-21-2985094146-353643522-339492997-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
HKU\S-1-5-21-2985094146-353643522-339492997-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075641821\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
HKU\S-1-5-21-2985094146-353643522-339492997-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642779\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
URLSearchHook: [S-1-5-21-2501339640-696855395-2274928616-2174556-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642942] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2985094146-353643522-339492997-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232020075642779 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-21] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-21] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-03-26]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-05-23]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-24]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Youtube Downloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\glpiomfohibbgeedfmcnahlanpehojdd [2018-07-02]
CHR Extension: (GO Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jibnjmimjnoglpnanmjjfjkpfaabojia [2020-03-19]
CHR Extension: (Cisco Webex Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6350752 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [348968 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
S4 BBDemon; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [36864 2009-09-26] (Dassault Systemes) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation -> Microsoft Corporation)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577712 2015-04-01] (Microsoft Corporation -> Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37136 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205880 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [234560 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [178760 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60480 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175704 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [501472 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109272 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851592 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460992 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235488 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [319120 2020-05-21] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-22] (Malwarebytes Corporation -> Malwarebytes)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2018-05-10] (IBM Polska Sp. z o.o. -> IBM)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195432 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [112752 2020-05-22] (Malwarebytes Inc -> Malwarebytes)
S3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [31744 2010-12-02] (Hardware Group Test Cert -> Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation -> Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
U1 aswbdisk; no ImagePath
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-23 07:58 - 2020-05-23 07:59 - 000025404 _____ C:\Users\user\Desktop\FRST.txt
2020-05-22 21:40 - 2020-05-22 21:40 - 000195432 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-05-22 21:40 - 2020-05-22 21:40 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-05-22 21:39 - 2020-05-22 21:39 - 000112752 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-05-22 21:21 - 2020-05-22 22:53 - 000000000 ____D C:\Users\user\AppData\LocalLow\IGDump
2020-05-22 21:13 - 2020-05-22 21:13 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-22 21:13 - 2020-05-22 21:13 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-22 21:13 - 2020-05-22 21:13 - 000001908 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-22 21:13 - 2020-05-22 21:13 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2020-05-22 21:13 - 2020-05-22 21:13 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2020-05-22 21:12 - 2020-05-22 21:37 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-22 21:12 - 2020-05-22 21:12 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-05-22 21:12 - 2020-05-22 21:11 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-05-22 21:11 - 2020-05-22 21:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-22 21:10 - 2020-05-22 21:10 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-22 21:09 - 2020-05-22 21:09 - 001980016 _____ (Malwarebytes) C:\Users\user\Desktop\MBSetup.exe
2020-05-22 21:00 - 2020-05-22 21:00 - 000389104 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-22 21:00 - 2020-05-22 21:00 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2020-05-22 20:56 - 2020-05-22 20:58 - 000000000 ____D C:\AdwCleaner
2020-05-22 20:54 - 2020-05-22 20:54 - 008196784 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_8.0.4.exe
2020-05-22 20:50 - 2020-05-21 20:22 - 000337560 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-05-22 17:16 - 2020-05-23 07:58 - 000000000 ____D C:\FRST
2020-05-22 17:13 - 2020-05-22 17:14 - 002286080 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-05-21 21:24 - 2020-05-21 21:24 - 005177912 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2020-05-21 20:29 - 2020-05-21 20:23 - 000235488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-05-21 20:29 - 2020-05-21 20:23 - 000175704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-05-09 18:14 - 2020-05-09 18:14 - 000003274 _____ C:\Windows\system32\Tasks\{E5DC6700-732B-4B28-A164-DD6878843A64}
2020-05-09 18:12 - 2020-05-09 18:14 - 081549032 _____ C:\Users\user\Downloads\Seaside_content_add_PHOTOBOOKS.exe
2020-05-09 18:09 - 2020-05-09 18:10 - 067434216 _____ C:\Users\user\Downloads\Love Tree_content_add_PHOTOBOOKS (RapidStudio Support's conflicted copy 2016-12-29).exe
2020-05-04 12:55 - 2020-05-04 14:03 - 000000000 ____D C:\Users\user\Desktop\Print
2020-04-27 12:32 - 2020-04-27 15:25 - 000000000 ____D C:\Users\user\Desktop\New folder (2)
2020-04-25 12:18 - 2020-04-25 12:19 - 085144592 _____ C:\Users\user\Downloads\hp-laserjet-1020-drivers.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-22 21:47 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-22 21:47 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-22 21:41 - 2015-05-27 11:15 - 000000568 _____ C:\Windows\SMSCFG.ini
2020-05-22 21:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-22 21:31 - 2018-01-26 20:32 - 000000000 ___HD C:\Program Files (x86)\~ProxyGate
2020-05-22 21:00 - 2017-12-14 20:27 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-05-22 21:00 - 2017-12-14 20:27 - 000001963 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-05-22 21:00 - 2017-11-17 10:06 - 000000000 ____D C:\ProgramData\McAfee
2020-05-22 21:00 - 2016-05-04 21:11 - 000000000 ____D C:\Program Files\7-Zip
2020-05-22 20:59 - 2017-12-14 20:20 - 000000000 ____D C:\ProgramData\AVAST Software
2020-05-22 20:14 - 2015-05-27 11:40 - 000001945 _____ C:\Windows\epplauncher.mif
2020-05-22 17:16 - 2016-04-19 20:34 - 000000000 ____D C:\Users\user\Documents\Outlook Files
2020-05-21 22:10 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-05-21 21:24 - 2017-10-21 11:57 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-05-21 21:24 - 2016-04-17 21:44 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-05-21 21:24 - 2016-04-17 21:44 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-05-21 21:24 - 2016-04-17 21:44 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-05-21 21:24 - 2016-04-17 21:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-21 21:24 - 2016-04-17 21:43 - 000000000 ____D C:\Windows\system32\Macromed
2020-05-21 20:39 - 2018-03-15 06:18 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-05-21 20:31 - 2017-12-03 19:45 - 000000888 _____ C:\Users\user\.jpview
2020-05-21 20:23 - 2020-04-14 18:37 - 000501472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-05-21 20:23 - 2018-10-20 03:38 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-05-21 20:23 - 2017-12-14 20:26 - 000460992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-05-21 20:23 - 2017-12-14 20:26 - 000319120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-05-21 20:23 - 2017-12-14 20:26 - 000109272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-05-21 20:23 - 2017-12-14 20:26 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-05-21 20:21 - 2019-01-14 16:50 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-05-21 20:21 - 2019-01-05 04:49 - 000178760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-05-21 20:21 - 2019-01-05 04:49 - 000060480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-05-21 20:21 - 2019-01-05 04:49 - 000037136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-05-21 20:21 - 2017-12-14 20:26 - 000851592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-05-21 20:21 - 2017-12-14 20:26 - 000205880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-05-21 20:08 - 2017-12-14 20:27 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-05-09 17:40 - 2019-03-24 18:21 - 000000000 ____D C:\Users\user\Desktop\photos
2020-05-09 17:38 - 2016-04-23 20:26 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2020-05-09 12:07 - 2019-06-02 10:44 - 000000000 ____D C:\Users\user\AppData\Roaming\PrusaSlicer
2020-05-08 16:38 - 2018-05-18 20:43 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-08 16:38 - 2018-05-18 20:43 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-08 16:38 - 2018-05-18 20:43 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-07 20:18 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2020-05-03 10:59 - 2019-06-24 17:35 - 000000000 ____D C:\Users\user\Desktop\DESIRE
2020-05-01 17:54 - 2018-05-18 20:43 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-01 17:54 - 2018-05-18 20:43 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-05-01 17:54 - 2017-12-14 20:27 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-05-01 17:54 - 2017-08-23 21:15 - 000003088 _____ C:\Windows\system32\Tasks\{6C95F641-0844-440E-936C-6F9A61D34E9D}
2020-05-01 17:54 - 2016-07-23 15:20 - 000003230 _____ C:\Windows\system32\Tasks\{1EB9C7A0-3CDF-4190-B599-9F960EE4DAE7}
2020-05-01 17:54 - 2016-05-07 12:59 - 000003144 _____ C:\Windows\system32\Tasks\{FCFFC128-F7E1-4DCA-A695-133412AD9A39}
2020-05-01 14:57 - 2018-11-01 22:30 - 000000000 _____ C:\Windows\system32\last.dump
2020-04-25 14:49 - 2016-10-25 20:58 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2018-05-18 20:25 - 2018-05-18 20:25 - 007649280 _____ () C:\Program Files (x86)\GUT770.tmp
2016-04-13 09:49 - 2016-04-13 09:49 - 000000093 _____ () C:\Users\user\AppData\Roaming\ARCompanion.log
2016-06-01 20:40 - 2016-06-01 20:40 - 000005858 _____ () C:\Users\user\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-05-21 21:48
==================== End of FRST.txt ========================