Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021 Ran by User (administrator) on LAPTOP-DDK31LC2 (LENOVO 82H8) (19-08-2021 19:03:11) Running from C:\Users\User\Desktop Loaded Profiles: User Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDCUserAgent.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [1183968 2020-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-08-04] (Avast Software s.r.o. -> AVAST Software) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-20] (Logitech Inc -> Logitech, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKU\S-1-5-21-127966655-3041496052-59511839-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC) BootExecute: autocheck autochk * sdnclean64.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02185350-C8EE-4372-87FE-DFC43B9570F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {1833F1B9-133A-49F7-A7CB-6568882AD431} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-18] (Mozilla Corporation -> Mozilla Foundation) Task: {47F05EB9-C61B-415A-A7F6-4DEFDC6F0903} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4902680 2021-08-04] (Avast Software s.r.o. -> AVAST Software) Task: {55D4E56C-8E2B-4957-BF72-1C3ED62823E7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8df615b7-41a1-4623-8d91-270b1b007fb2 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.) Task: {62207DF2-9ECC-4767-98C7-1A09BCE4699A} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [192928 2021-05-19] (Lenovo -> Lenovo Group Ltd.) Task: {7468AE31-4C72-4E5E-AE5D-00296054BE50} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {7E1F847A-F389-466D-B862-1BCDB7B8E036} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {8AD1A74E-7EEC-4086-AD58-C71BE4AAAF41} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.) Task: {8E9FBCD5-D6BF-400D-8537-CC000191D4DA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.) Task: {A3BD33B8-56DF-4ADE-AB3E-04546F8F7F68} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-28] (Avast Software s.r.o. -> Avast Software) Task: {A4270A50-DC5F-4848-AB65-8187D589205F} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {ACC2238A-BFCE-4A78-A83A-ABDDE75825AA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\88f26295-8502-4cb0-8221-fbbcfc0665ba => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.) Task: {ADB188C0-0405-4FF7-B0A6-EF4C5170A450} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {AF18DD2B-2C36-43AD-A934-0D8DC091D23E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {BA7327E5-4DA1-44BC-BF68-D86F6FEC5F14} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\895bd6fa-03f1-4f75-9957-f0d700b5d7ed => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.) Task: {BD84955F-B66E-4F60-AFA7-5F6C304E1DAF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f4c3a9d-5797-402d-a468-b0ceeb095e31 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.) Task: {BE3CDDE7-CB8A-43E2-947A-448ADF0DEE86} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [434608 2021-05-19] (Lenovo -> Lenovo Group Ltd.) Task: {CDCE6BD5-0E3D-4EAA-9024-8F2F8EF5A9A9} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144456 2021-07-15] (Lenovo -> Lenovo Group Ltd.) Task: {E123B47B-126B-4D43-BFA9-326173FD5CF9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {E650E7D5-4689-4E06-BEF5-5EB26A14C545} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{5da62158-9e67-49ae-83c7-40da4be9c5a8}: [DhcpNameServer] 150.213.1.3 Tcpip\..\Interfaces\{666ac231-0bd2-4651-861b-396d17dfcc9d}: [DhcpNameServer] 192.168.1.254 Edge: ======= Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-19] FireFox: ======== FF DefaultProfile: dnxs5hjs.default FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dnxs5hjs.default [2021-05-28] FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59kfiq3z.default-release-1622672176047 [2021-08-19] FF DownloadDir: C:\Users\User\Desktop FF Homepage: Mozilla\Firefox\Profiles\59kfiq3z.default-release-1622672176047 -> hxxps://duckduckgo.com/ FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59kfiq3z.default-release-1622672176047\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-08-16] FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59kfiq3z.default-release-1622672176047\Extensions\uBlock0@raymondhill.net.xpi [2021-07-31] FF Extension: (Add-ons Search Detection) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59kfiq3z.default-release-1622672176047\features\{717653e6-c955-4985-859f-3e3816ebaf8e}\addons-search-detection@mozilla.com.xpi [2021-08-13] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2021-05-29] [not signed] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-06-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-06-04] (Microsoft Corporation -> Microsoft Corporation) ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8262736 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [627480 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [374552 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-28] (Avast Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation) S2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2173912 2020-10-15] (Dolby Laboratories, Inc. -> Dolby Laboratories) S2 ElevocService; C:\Windows\System32\ElevocControlService.exe [147312 2020-11-16] (Microsoft Windows Hardware Compatibility Publisher -> ) S2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.) S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_639c92dde0957139\\AS\\IAS\\IntelAudioService.exe [528232 2020-08-26] (Smart Sound Technology -> Intel) S2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2fcf64020e032ea8\LenovoUtilityService.exe [531360 2021-02-23] (Lenovo -> Lenovo(beijing) Limited) S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.) S2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-10] (Lenovo -> Lenovo(beijing) Limited) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-04] (Malwarebytes Inc -> Malwarebytes) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [107952 2021-05-19] (Lenovo -> Lenovo Group Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [218976 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367640 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99352 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [559816 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108408 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471920 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215392 2021-08-04] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-08-04] (Avast Software s.r.o. -> AVAST Software) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2021-03-04] (Microsoft Corporation) [File not signed] R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2d381b4e92c4580e\iaLPSS2_GPIO2_TGL.sys [129288 2020-06-04] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_18d252599a45c7f5\iaLPSS2_I2C_TGL.sys [198408 2020-06-04] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_a377b182eb0b1769\iaLPSS2_SPI_TGL.sys [156936 2020-06-04] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_17edb8d819140063\iaLPSS2_UART2_TGL.sys [311560 2020-06-04] (Intel Corporation -> Intel Corporation) R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1431928 2020-10-28] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-19] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-04] (Malwarebytes Inc -> Malwarebytes) S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-08-19 19:03 - 2021-08-19 19:04 - 000018722 _____ C:\Users\User\Desktop\FRST.txt 2021-08-19 18:26 - 2021-08-19 18:26 - 000000266 _____ C:\Users\User\Desktop\eset.txt 2021-08-19 15:16 - 2021-08-19 15:16 - 000001286 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk 2021-08-19 15:15 - 2021-08-19 15:15 - 000001392 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2021-08-19 15:15 - 2021-08-19 15:15 - 000000000 ____D C:\Users\User\AppData\Local\ESET 2021-08-19 15:14 - 2021-08-19 15:14 - 011697056 _____ (ESET) C:\Users\User\Desktop\esetonlinescanner.exe 2021-08-19 14:51 - 2021-08-19 14:51 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2021-08-19 13:16 - 2021-08-19 15:09 - 000000000 ____D C:\AdwCleaner 2021-08-19 13:13 - 2021-08-19 13:15 - 008553680 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner.exe 2021-08-18 17:00 - 2021-08-18 17:00 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2021-08-18 14:09 - 2021-08-19 11:35 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-08-18 13:44 - 2021-08-19 19:03 - 000000000 ____D C:\FRST 2021-08-18 13:44 - 2021-08-18 13:44 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2021-08-18 13:43 - 2021-08-18 13:44 - 002300416 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2021-08-17 17:43 - 2021-08-04 22:47 - 000454574 ____R C:\Windows\system32\Drivers\etc\hosts.20210817-174359.backup 2021-08-17 12:41 - 2021-08-17 12:41 - 000000000 ____D C:\Users\Public\Documents\sun 2021-08-17 12:31 - 2021-08-17 12:31 - 000001181 _____ C:\Users\Public\Desktop\LibreOffice 7.1.lnk 2021-08-17 12:31 - 2021-08-17 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.1 2021-08-16 02:33 - 2021-08-16 02:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Orneon 2021-08-16 02:33 - 2021-08-16 02:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Macromedia 2021-08-14 20:44 - 2021-08-14 20:44 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk 2021-08-14 20:44 - 2021-08-14 20:44 - 000001987 _____ C:\Users\Public\Desktop\Game Manager.lnk 2021-08-14 20:44 - 2021-08-14 20:44 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk 2021-08-14 20:38 - 2021-08-14 20:45 - 000000000 ____D C:\Program Files (x86)\bfgclient 2021-08-14 20:38 - 2021-08-14 20:38 - 000000000 ____D C:\ProgramData\Big Fish 2021-08-14 20:37 - 2021-08-16 02:32 - 000000000 ____D C:\BigFishCache 2021-08-14 19:31 - 2021-08-17 12:40 - 000000000 ____D C:\Users\User\Desktop\shortcuts 2021-08-13 03:10 - 2021-08-13 03:11 - 000000000 ____D C:\Program Files (x86)\The Agency of Anomalies - Mind Invasion 2021-08-13 03:10 - 2021-08-13 03:10 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Mind Invasion 2021-08-13 03:10 - 2021-08-13 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Mind Invasion 2021-08-13 03:09 - 2021-08-13 03:10 - 000000000 ____D C:\Program Files (x86)\The Agency of Anomalies - The Last Performance 2021-08-13 03:09 - 2021-08-13 03:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - The Last Performance 2021-08-13 03:09 - 2021-08-13 03:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Cinderstone Orphanage 2021-08-13 03:09 - 2021-08-13 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - The Last Performance 2021-08-13 03:09 - 2021-08-13 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Cinderstone Orphanage 2021-08-13 03:09 - 2021-08-13 03:09 - 000000000 ____D C:\Program Files (x86)\The Agency of Anomalies - Cinderstone Orphanage 2021-08-13 02:46 - 2021-08-13 02:47 - 000000000 ____D C:\Program Files (x86)\The Agency of Anomalies - Mystic Hospital 2021-08-13 02:46 - 2021-08-13 02:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Mystic Hospital 2021-08-13 02:46 - 2021-08-13 02:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Agency of Anomalies - Mystic Hospital 2021-08-11 20:38 - 2021-08-11 20:38 - 000000261 _____ C:\Users\User\Desktop\Religious and Inspirational Statuary Lucky Mojo Curio Co. Catalogue.URL 2021-08-10 17:55 - 2021-08-10 17:55 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2021-08-10 17:55 - 2021-08-10 17:55 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2021-08-10 17:55 - 2021-08-10 17:55 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-08-10 17:55 - 2021-08-10 17:55 - 000011347 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-08-10 17:54 - 2021-08-10 17:54 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2021-08-10 17:54 - 2021-08-10 17:54 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2021-08-10 17:53 - 2021-08-10 17:53 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll 2021-08-10 17:32 - 2021-08-10 17:32 - 000000000 ___HD C:\$WinREAgent 2021-08-09 02:00 - 2021-08-09 02:00 - 000000000 ____D C:\Users\User\AppData\Roaming\Azuaz Games 2021-08-09 01:32 - 2021-08-09 01:32 - 000000000 ____D C:\Program Files\Reference Assemblies 2021-08-09 01:32 - 2021-08-09 01:32 - 000000000 ____D C:\Program Files\MSBuild 2021-08-09 01:32 - 2021-08-09 01:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-08-09 01:32 - 2021-08-09 01:32 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-08-04 22:47 - 2021-08-04 18:55 - 000454574 ____R C:\Windows\system32\Drivers\etc\hosts.20210804-224739.backup 2021-08-04 18:55 - 2021-08-04 18:55 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking 2021-08-04 18:55 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20210804-185538.backup 2021-08-04 18:45 - 2021-08-04 18:45 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2021-08-04 15:29 - 2021-08-04 15:28 - 000339736 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2021-08-04 15:29 - 2021-08-04 15:28 - 000215392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-08-19 18:57 - 2020-05-06 13:33 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-08-19 15:11 - 2021-05-28 15:14 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2021-08-19 14:58 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-08-19 13:21 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-08-19 13:21 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness 2021-08-19 12:40 - 2021-05-28 16:41 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update 2021-08-19 12:09 - 2021-05-28 16:44 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software 2021-08-19 11:38 - 2021-05-28 16:38 - 000000000 ____D C:\ProgramData\Avast Software 2021-08-19 11:37 - 2021-05-29 03:28 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles 2021-08-19 11:36 - 2021-05-28 17:16 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2021-08-19 11:36 - 2021-03-04 23:55 - 000000000 ____D C:\ProgramData\Goodix 2021-08-19 11:36 - 2021-03-04 22:16 - 000000000 ___HD C:\Intel 2021-08-19 11:36 - 2020-05-06 13:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-08-19 11:36 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState 2021-08-19 11:35 - 2021-06-02 17:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-08-19 11:35 - 2020-05-06 13:33 - 000008192 ___SH C:\DumpStack.log.tmp 2021-08-19 03:26 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI 2021-08-19 03:25 - 2021-05-30 10:03 - 000000000 ____D C:\ProgramData\TEMP 2021-08-19 03:25 - 2021-05-29 10:09 - 000002704 _____ C:\Windows\system32\Tasks\SmartDefrag_AutoAnalyze 2021-08-19 03:25 - 2021-05-29 03:32 - 000002850 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-1001 2021-08-19 03:25 - 2021-05-28 16:42 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software 2021-08-19 03:25 - 2021-03-04 23:41 - 000002846 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-500 2021-08-19 03:25 - 2021-03-04 23:23 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-08-19 03:25 - 2021-03-04 23:23 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-08-19 01:50 - 2021-06-01 00:41 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps 2021-08-18 17:00 - 2021-06-02 17:37 - 000000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-08-17 12:35 - 2020-05-06 13:33 - 000632536 _____ C:\Windows\system32\FNTCACHE.DAT 2021-08-17 12:31 - 2021-05-29 10:38 - 000000000 ____D C:\Program Files\LibreOffice 2021-08-16 22:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports 2021-08-16 22:45 - 2021-05-29 03:24 - 000000000 ____D C:\Users\User 2021-08-16 18:23 - 2021-05-29 03:24 - 000002415 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-08-16 17:32 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF 2021-08-15 02:45 - 2021-03-04 23:33 - 000000000 ____D C:\Program Files\Microsoft Office 2021-08-14 03:42 - 2021-05-30 09:14 - 000000000 ____D C:\Program Files (x86)\Steam 2021-08-13 17:47 - 2021-03-04 23:23 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-08-13 03:10 - 2021-05-30 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2021-08-12 17:17 - 2020-05-06 13:41 - 000841126 _____ C:\Windows\system32\PerfStringBackup.INI 2021-08-12 10:55 - 2021-03-14 22:27 - 000108008 _____ (Lenovo Group Ltd.) C:\Windows\system32\WudfUpdate_02000.dll 2021-08-12 10:55 - 2021-03-14 22:27 - 000062440 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.InfInstaller.exe 2021-08-12 10:55 - 2021-03-04 23:30 - 000108008 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.CoInstaller.dll 2021-08-12 10:55 - 2021-03-04 22:47 - 000429944 _____ (Lenovo Group Limited) C:\Windows\system32\iMDriverHelper.dll 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents 2021-08-10 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr 2021-08-10 18:10 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\servicing 2021-08-10 18:07 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp 2021-08-10 17:21 - 2021-05-30 14:19 - 000000000 ____D C:\Windows\system32\MRT 2021-08-10 17:17 - 2021-05-30 14:19 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-08-09 17:13 - 2021-05-29 03:28 - 000000000 ____D C:\Users\User\AppData\Local\Packages 2021-08-04 20:27 - 2021-05-28 17:16 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2021-08-04 19:35 - 2021-05-30 16:26 - 000000000 ____D C:\Users\User\Desktop\virus shit 2021-08-04 19:18 - 2021-05-29 10:07 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit 2021-08-04 18:57 - 2021-05-29 10:09 - 000000000 ____D C:\ProgramData\ProductData 2021-08-04 18:49 - 2021-05-28 17:23 - 000002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-08-04 15:29 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-08-04 15:28 - 2021-05-28 16:41 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000559816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000471920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000367640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000218976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000108408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000099352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys 2021-08-04 15:28 - 2021-05-28 16:41 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys 2021-08-03 18:00 - 2021-05-28 15:00 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-08-02 15:53 - 2021-05-29 03:32 - 000000000 ___RD C:\Users\User\OneDrive 2021-07-31 19:14 - 2021-06-05 18:09 - 000029703 _____ C:\Users\User\Documents\Jay.odt 2021-07-28 22:32 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-07-26 17:06 - 2021-03-04 23:30 - 000000000 ____D C:\Windows\TempInst ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================