Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-05-2023 01
Ran by Maffu (administrator) on SILENCE (ASUS All Series) (08-05-2023 14:59:17)
Running from C:\Users\Maffu\Desktop\FRST64.exe
Loaded Profiles: Maffu
Platform: Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\Tablet\Pen\Pen_Tablet.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(C:\Program Files\Tablet\Pen\Pen_TouchService.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\Maffu\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(explorer.exe ->) (Leosoft EOOD -> Leosoft) C:\Program Files (x86)\Eye Saver\Eye Saver.exe
(explorer.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdsig.inf_amd64_4f59e6a85c826a86\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Private Internet Access, Inc. -> ) C:\Program Files\Private Internet Access\pia-service.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(services.exe ->) (voidtools -> ) C:\Program Files\Everything\Everything.exe <2>
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe <2>
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2241312 2019-01-26] (voidtools -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [220056 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-05-02] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2763654447-502089044-3427749853-1001\...\Run: [Eye Saver] => C:\Program Files (x86)\Eye Saver\Eye Saver.exe [2624376 2023-01-10] (Leosoft EOOD -> Leosoft)
HKU\S-1-5-21-2763654447-502089044-3427749853-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2763654447-502089044-3427749853-1001\...\Run: [Microsoft.Lists] => C:\Users\Maffu\AppData\Local\Microsoft\OneDrive\23.081.0416.0001\Microsoft.SharePoint.exe [555400 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2763654447-502089044-3427749853-1001\...\Run: [Figma Agent] => C:\Users\Maffu\AppData\Local\FigmaAgent\figma_agent.exe [6116928 2023-04-11] (Figma, Inc. -> )
HKU\S-1-5-21-2763654447-502089044-3427749853-1001\...\Run: [Amazon Music Helper] => C:\Users\Maffu\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-13] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24729176 2022-04-04] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2022-10-16] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\...\Authentication\Credential Providers: [AutorunsDisabled] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [AutorunsDisabled] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2022-11-06]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2023-01-15]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-09-03]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2022-10-08]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11F110E5-3636-434C-9BF1-77CA3817F448} - System32\Tasks\GoogleUpdateTaskMachineUA{94E9F92D-0F3C-4D4E-AE18-BC433213574A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {20649B48-37F5-45EA-99BB-0E0B5CA64FFC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4885912 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
Task: {24CB270D-C5D4-4CF2-9FB2-08D304676238} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {3FF28928-667A-4490-867E-0B4F90F58392} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4E4EC02C-4CA6-4276-B7CE-9AAE5526FC05} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {628151AB-C62F-4A8E-8391-76C855D368B6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation)
Task: {7099DC4F-2C68-4AFC-BC14-A856B073A415} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [714568 2022-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {74241E54-C9B4-4B88-B1F4-92629E04C655} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26301352 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {75D1290A-8665-4F8D-B0F8-B8510E9D3F47} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABFE4EFD-ACDB-4C74-BDA5-1391A0B584F4} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826320 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB99C98B-459A-40AA-934C-B320E321A31E} - System32\Tasks\GoogleUpdateTaskMachineCore{7A02C385-8D26-41D7-806B-BC90EB10767C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
Task: {BC77FBE7-A61C-4505-90AC-EB82E9F9B74A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26301352 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C304E83E-78F2-44D0-A601-2C0A1A841857} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144320 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D97AC45D-999C-4446-9554-8638146A7F07} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144320 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0431F55-4A82-4112-AF44-EC16EF674FD6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2135448 2023-04-14] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{1258121e-1d5e-4039-b8e2-3ea5a2276bda}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1258121e-1d5e-4039-b8e2-3ea5a2276bda}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9dde2ad5-cde8-4373-8434-6c202281e342}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{fe6503f5-6908-4cf6-82d3-d5b4e5cc2f38}: [DhcpNameServer] 192.168.162.156

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Maffu\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-07]
Edge DownloadDir: Default -> D:\Downloads

FireFox:
========
FF DefaultProfile: ew8reyw7.default
FF ProfilePath: C:\Users\Maffu\AppData\Roaming\Mozilla\Firefox\Profiles\ew8reyw7.default [2022-11-06]
FF ProfilePath: C:\Users\Maffu\AppData\Roaming\Mozilla\Firefox\Profiles\oqk4d9fa.default-release [2023-05-07]
FF Homepage: Mozilla\Firefox\Profiles\oqk4d9fa.default-release -> hxxps://www.google.co.uk
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Maffu\AppData\Roaming\Mozilla\Firefox\Profiles\oqk4d9fa.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-12-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-06-19] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2019-08-19] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-03-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-03-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-01-18] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-01-18] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) [File not signed]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-31] (Wacom) [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-06-19] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2763654447-502089044-3427749853-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-31] (Wacom) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default [2023-05-08]
CHR NewTab: Default -> Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (ColorZilla) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2022-11-06]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-04-26]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2022-11-09]
CHR Extension: (IronVest) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2023-04-03]
CHR Extension: (Disable Download Bar) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjdldigdojpjlmphnogmcmhojfadfmem [2023-02-05]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2023-02-20]
CHR Extension: (New Tab Redirect) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2022-12-11]
CHR Extension: (Page Ruler) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcbmcnpepaddcedmjdcmhbekjhbfnlff [2022-12-14]
CHR Extension: (Disable JavaScript) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdlihdedhlmhlbgooailmfhahieoem [2022-11-06]
CHR Extension: (Behind The Overlay) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2022-11-06]
CHR Extension: (Image Rotate Context) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbfblhpconbgpgmphhlonlcbnmebdeme [2022-11-16]
CHR Extension: (Foxish live RSS) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhdikhnaigcdlamenbgkmllgmfnngoi [2022-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-06]
CHR Extension: (Stylebot) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2023-01-30]
CHR Extension: (WebP / Avif image converter) - C:\Users\Maffu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcfbdlbkdfobidmdoondbgdfpjolhci [2022-11-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Brave:
=======
BRA Profile: C:\Users\Maffu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-08-03]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Maffu\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-01-18]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Maffu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-01-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Maffu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-01-18]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Maffu\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2020-01-18]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [919328 2022-06-19] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8808344 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [583064 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2079128 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [584088 2023-04-12] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-26] (Avast Software s.r.o. -> AVAST Software)
S4 AvtCachedService; C:\WINDOWS\system32\AvtCachedService.exe [160768 2020-09-18] () [File not signed]
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-01-18] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-01-18] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-05-02] (Dropbox, Inc -> Dropbox, Inc.)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11069032 2023-04-24] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-11-20] (EasyAntiCheat Oy -> Epic Games, Inc)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2241312 2019-01-26] (voidtools -> )
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [343808 2022-05-12] (FUTUREMARK INC -> Futuremark)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [152576 2022-08-27] (SurfRight B.V. -> SurfRight B.V.)
S4 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-04-08] (Logitech Inc -> Logitech)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10877288 2022-07-05] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9098608 2023-05-02] (Malwarebytes Inc. -> Malwarebytes)
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [24607464 2022-08-05] (Native Instruments GmbH -> Native Instruments GmbH)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S4 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [573016 2022-04-04] (Plex, Inc. -> Plex, Inc.)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1254368 2022-04-04] (Private Internet Access, Inc. -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4452184 2022-04-04] (Private Internet Access, Inc. -> )
S4 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2458576 2022-07-17] (Rockstar Games, Inc. -> Rockstar Games)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-08-06] (Synology Inc. -> )
S4 wampapache64; d:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe [29184 2017-07-07] (Apache Software Foundation) [File not signed]
S4 wampmariadb64; d:\wamp64\bin\mariadb\mariadb10.2.8\bin\mysqld.exe [14545920 2017-08-17] () [File not signed]
S4 wampmysqld64; d:\wamp64\bin\mysql\mysql5.7.19\bin\mysqld.exe [39496704 2017-06-22] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WirelessBackupService; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\Addins\Backup\WirelessBackupService.exe [3099096 2022-04-15] (Wondershare Technology Group Co.,Ltd -> )
S4 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-03-17] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 DFWSIDService; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\WsidService.exe [X]
S4 ElevationService; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\Addins\Backup\ElevationService.exe [X]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdsig.inf_amd64_4f59e6a85c826a86\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdsig.inf_amd64_4f59e6a85c826a86\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\Addins\Repair\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S4 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235424 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391808 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297840 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39608 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269464 2023-04-25] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [557096 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105208 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [942952 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [702784 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212640 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319568 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 ka6avs; C:\WINDOWS\System32\Drivers\ka6avs.sys [358480 2012-02-22] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
R3 ka6usb_svc; C:\WINDOWS\System32\Drivers\ka6usb.sys [82000 2012-02-22] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-08-17] (Malwarebytes Inc. -> Malwarebytes)
R2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2023-02-02] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
S3 nika6audio; C:\WINDOWS\System32\Drivers\nika6audio.sys [375720 2015-09-09] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S4 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [111696 2019-02-18] (NATIVE INSTRUMENTS GmbH -> )
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80256 2023-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2022-04-12] (Snap Inc. -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-01-27] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen)
S4 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2021-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [19600 2022-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2022-04-09] (WireGuard LLC -> WireGuard LLC)
S3 XSpltVid; C:\WINDOWS\system32\DRIVERS\XSpltVid.sys [122376 2021-08-24] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-08 14:59 - 2023-05-08 14:59 - 000034811 _____ C:\Users\Maffu\Desktop\FRST.txt
2023-05-08 14:58 - 2023-05-08 14:59 - 002382848 _____ (Farbar) C:\Users\Maffu\Desktop\FRST64.exe
2023-05-07 22:06 - 2023-05-07 22:06 - 000002036 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2023-05-07 22:06 - 2023-04-12 13:18 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-05-07 12:00 - 2023-05-08 14:59 - 000000000 ____D C:\FRST
2023-05-07 10:29 - 2023-05-07 10:29 - 000000000 ____D C:\Users\Maffu\.vscode-cli
2023-05-07 08:21 - 2023-05-07 08:21 - 000000211 _____ C:\Users\Maffu\Desktop\Marvel's Guardians of the Galaxy.url
2023-05-04 07:55 - 2023-05-07 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-05-04 07:54 - 2023-05-04 07:54 - 000000000 ____D C:\Users\Maffu\AppData\Local\DropboxUpdate
2023-05-02 14:59 - 2023-05-02 14:59 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-05-01 20:26 - 2023-05-07 08:35 - 000000000 ____D C:\cs50_Python
2023-05-01 19:56 - 2023-05-01 19:56 - 000000000 ____D C:\Users\Maffu\AppData\Local\pip
2023-05-01 19:26 - 2023-05-07 22:05 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2023-05-01 19:26 - 2023-05-07 21:50 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Code
2023-05-01 19:26 - 2023-05-01 19:26 - 000000000 ____D C:\Users\Maffu\.vscode
2023-05-01 12:59 - 2023-05-01 12:59 - 000001269 _____ C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Procmon64.lnk
2023-05-01 12:58 - 2023-05-07 22:05 - 000000000 ____D C:\Program Files\ProcessMonitor
2023-04-25 21:06 - 2023-04-25 21:06 - 000000000 ____D C:\Users\Maffu\AppData\Local\Tiny Tina's Wonderlands
2023-04-21 18:21 - 2023-04-21 18:21 - 000001266 _____ C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Figma.lnk
2023-04-18 18:19 - 2023-04-18 18:19 - 000000000 ____D C:\Users\Maffu\AppData\LocalLow\Shedworks
2023-04-15 10:47 - 2023-04-15 10:47 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-08 14:57 - 2020-09-27 07:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-05-08 14:07 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-05-08 13:48 - 2022-10-19 20:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-05-08 13:48 - 2022-03-02 10:54 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2763654447-502089044-3427749853-1001
2023-05-08 13:48 - 2022-03-02 10:54 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2763654447-502089044-3427749853-1001
2023-05-08 13:48 - 2021-07-15 20:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-05-08 10:57 - 2019-02-03 21:03 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Word
2023-05-08 10:51 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2023-05-08 10:50 - 2022-06-19 22:35 - 243250176 _____ C:\Users\Maffu\AppData\Local\SageThumbs.db3
2023-05-08 10:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-05-08 10:36 - 2022-05-25 20:14 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\DropboxElectron
2023-05-08 10:36 - 2019-01-29 23:20 - 000000000 ____D C:\Users\Maffu\AppData\Local\Dropbox
2023-05-07 22:54 - 2019-01-29 20:02 - 000000000 ____D C:\ProgramData\NVIDIA
2023-05-07 22:53 - 2020-11-07 12:25 - 000000000 ____D C:\ProgramData\everythingDB
2023-05-07 22:53 - 2019-01-29 21:30 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Everything
2023-05-07 22:39 - 2021-02-03 11:15 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Signal
2023-05-07 22:10 - 2021-07-15 20:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-05-07 22:10 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-05-07 22:07 - 2019-01-29 20:03 - 000000000 ____D C:\ProgramData\AVAST Software
2023-05-07 22:06 - 2022-03-04 12:22 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2023-05-07 22:06 - 2021-07-15 20:53 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-05-07 22:06 - 2021-07-15 19:17 - 000000000 ____D C:\Users\Maffu
2023-05-07 22:06 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-05-07 22:06 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-05-07 22:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-05-07 22:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-05-07 22:06 - 2019-01-29 23:20 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-05-07 22:06 - 2019-01-29 23:20 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-05-07 22:05 - 2023-02-17 11:55 - 000000000 ____D C:\ProgramData\EA Desktop
2023-05-07 22:05 - 2023-01-30 09:59 - 000000000 ____D C:\Users\Maffu\Desktop\DT
2023-05-07 22:05 - 2023-01-05 00:50 - 000000000 ____D C:\Program Files\Calibre2
2023-05-07 22:05 - 2022-11-11 10:52 - 000000000 ____D C:\Program Files\Microsoft Network Monitor 3
2023-05-07 22:05 - 2022-11-06 17:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-05-07 22:05 - 2022-09-18 19:27 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\GaomonTablet
2023-05-07 22:05 - 2022-07-15 23:00 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2023-05-07 22:05 - 2022-07-01 14:18 - 000000000 ____D C:\Program Files (x86)\Search Deflector
2023-05-07 22:05 - 2022-05-12 19:41 - 000000000 ____D C:\Program Files\PCHealthCheck
2023-05-07 22:05 - 2021-10-19 16:39 - 000000000 ____D C:\Program Files (x86)\AMP Font Viewer
2023-05-07 22:05 - 2021-09-13 08:05 - 000000000 ____D C:\Program Files\Default Programs Editor
2023-05-07 22:05 - 2020-09-16 19:20 - 000000000 ____D C:\Program Files (x86)\Audacity
2023-05-07 22:05 - 2020-08-26 17:38 - 000000000 ____D C:\Users\Maffu\AppData\Local\WhatsApp
2023-05-07 22:05 - 2020-04-01 14:53 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\ICAClient
2023-05-07 22:05 - 2020-01-11 15:46 - 000000000 ____D C:\Program Files (x86)\SoundWire Server
2023-05-07 22:05 - 2019-12-29 18:05 - 000000000 ____D C:\Program Files (x86)\Pianissimo
2023-05-07 22:05 - 2019-11-09 23:23 - 000000000 ____D C:\Users\Maffu\AppData\Local\GitHubDesktop
2023-05-07 22:05 - 2019-11-09 13:39 - 000000000 ____D C:\Program Files\Kodi
2023-05-07 22:05 - 2019-11-03 15:22 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\uTorrent
2023-05-07 22:05 - 2019-02-24 18:25 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2023-05-07 22:05 - 2019-02-04 17:59 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2023-05-07 22:05 - 2019-01-30 00:12 - 000000000 ____D C:\Program Files (x86)\Steam
2023-05-07 22:05 - 2019-01-29 23:23 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2023-05-07 22:05 - 2019-01-29 23:22 - 000000000 ___RD C:\Users\Maffu\Dropbox
2023-05-07 22:05 - 2019-01-29 21:30 - 000000000 ____D C:\Program Files\Everything
2023-05-07 22:02 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-05-07 21:50 - 2022-03-18 09:07 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Teams
2023-05-07 21:50 - 2020-04-01 14:53 - 000000000 ____D C:\Users\Maffu\AppData\Local\Citrix
2023-05-07 21:50 - 2019-02-01 20:48 - 000000000 ____D C:\Users\Maffu\AppData\Local\Plex Media Server
2023-05-07 21:47 - 2019-01-29 20:31 - 000000000 ____D C:\Users\Maffu\AppData\LocalLow\Mozilla
2023-05-07 13:14 - 2020-06-27 14:58 - 000000000 ____D C:\Users\Maffu\AppData\Local\D3DSCache
2023-05-06 15:36 - 2019-06-13 17:28 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\calibre
2023-05-06 15:35 - 2019-06-13 17:31 - 000000000 ____D C:\Users\Maffu\AppData\Local\calibre-cache
2023-05-05 19:51 - 2023-02-17 11:55 - 000000000 ____D C:\Users\Maffu\AppData\Local\Origin
2023-05-04 16:33 - 2019-04-02 17:05 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Excel
2023-05-04 16:25 - 2021-05-27 17:30 - 000000000 ____D C:\Users\Maffu\AppData\Local\Avast Software
2023-05-04 15:47 - 2019-01-29 19:57 - 000000000 ____D C:\Users\Maffu\AppData\Local\Packages
2023-05-04 13:09 - 2022-03-02 10:54 - 000002379 _____ C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-05-04 07:55 - 2019-01-29 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-05-03 22:47 - 2021-07-15 20:53 - 000003984 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-05-03 22:47 - 2021-07-15 20:53 - 000003752 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-05-01 19:32 - 2019-02-04 18:48 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\npm-cache
2023-04-29 14:54 - 2019-05-26 16:23 - 000000000 ____D C:\ProgramData\Origin
2023-04-28 12:59 - 2020-04-01 16:01 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Zoom
2023-04-26 15:41 - 2019-11-17 13:45 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\QuickStyles
2023-04-26 12:01 - 2020-01-23 21:30 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\PowerPoint
2023-04-25 19:50 - 2019-11-16 21:55 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-04-25 11:54 - 2020-10-13 20:48 - 000269464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-04-24 14:59 - 2019-06-28 18:59 - 000000000 ____D C:\Users\Maffu\AppData\Local\Amazon Music
2023-04-24 14:32 - 2019-01-29 23:35 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\KeePass
2023-04-21 18:22 - 2022-09-16 15:27 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Figma
2023-04-21 18:21 - 2022-09-16 15:27 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Figma, Inc
2023-04-21 18:21 - 2022-09-16 15:26 - 000000000 ____D C:\Users\Maffu\AppData\Local\Figma
2023-04-21 17:03 - 2019-01-29 20:22 - 000000000 ____D C:\ProgramData\Package Cache
2023-04-21 17:02 - 2022-06-08 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2023-04-20 21:31 - 2019-02-04 17:56 - 000000000 ____D C:\Users\Maffu\AppData\Local\CrashDumps
2023-04-20 20:58 - 2021-11-20 21:24 - 000000000 ____D C:\Users\Maffu\AppData\LocalLow\E-Line Media
2023-04-20 18:26 - 2022-07-16 18:30 - 000000000 ____D C:\Program Files\Cyberpunk2077
2023-04-20 07:53 - 2023-01-10 22:57 - 000000000 ____D C:\Users\Maffu\AppData\Local\Leosoft
2023-04-20 07:53 - 2022-04-12 09:13 - 000000000 ____D C:\Program Files (x86)\Eye Saver
2023-04-16 20:57 - 2020-09-16 19:20 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\audacity
2023-04-16 20:08 - 2020-09-14 20:42 - 000000000 ____D C:\Users\Maffu\AppData\Roaming\com.spitfireaudio
2023-04-16 20:08 - 2019-01-30 18:22 - 000000000 ____D C:\Users\Maffu\AppData\Local\Native Instruments
2023-04-16 20:07 - 2019-03-06 22:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-04-16 12:35 - 2022-10-27 15:04 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-04-16 12:35 - 2022-10-19 20:30 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-15 10:51 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-14 18:06 - 2021-12-22 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-04-14 18:06 - 2019-02-03 21:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-04-12 13:18 - 2020-04-14 16:30 - 000557096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000942952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000702784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000391808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000319568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000235424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000105208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000080376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-04-12 13:18 - 2019-01-29 20:49 - 000039608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

==================== Files in the root of some directories ========

2022-01-13 10:11 - 2022-06-09 09:03 - 000000096 _____ () C:\Users\Maffu\AppData\Roaming\Camdata.ini
2022-01-13 10:11 - 2022-06-09 09:03 - 000000408 _____ () C:\Users\Maffu\AppData\Roaming\CamLayout.ini
2022-01-13 10:11 - 2022-06-09 09:03 - 000000408 _____ () C:\Users\Maffu\AppData\Roaming\CamShapes.ini
2022-01-13 10:11 - 2022-06-09 09:03 - 000004520 _____ () C:\Users\Maffu\AppData\Roaming\CamStudio.cfg
2020-02-02 14:59 - 2020-02-02 14:59 - 000000128 _____ () C:\Users\Maffu\AppData\Roaming\PUTTY.RND
2019-12-24 18:10 - 2022-06-01 11:47 - 000001456 _____ () C:\Users\Maffu\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-13 22:00 - 2019-02-13 22:00 - 000000410 _____ () C:\Users\Maffu\AppData\Local\oobelibMkey.log
2020-01-26 14:57 - 2022-05-10 08:20 - 000000128 _____ () C:\Users\Maffu\AppData\Local\PUTTY.RND
2022-06-19 22:35 - 2023-05-08 10:50 - 243250176 _____ () C:\Users\Maffu\AppData\Local\SageThumbs.db3
2022-05-08 17:19 - 2023-04-16 20:08 - 000073179 _____ () C:\Users\Maffu\AppData\Local\wle.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================