Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by El phenomeno (administrator) on LENOVO (LENOVO 20C600HDZA) (10-06-2021 06:39:24)
Running from C:\Users\user\Desktop
Loaded Profiles: El phenomeno
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\123.4.4832\QtWebEngineProcess.exe <3>
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\48.0.13.0\crashpad_handler.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\48.0.13.0\GoogleDriveFS.exe <7>
(Huawei Technologies Co.,Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(L'Aventure Multimedia) [File not signed] C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDico38.exe
(L'Aventure Multimedia) [File not signed] C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\RAC38.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(LENOVO -> Lenovo.) C:\Windows\System32\LPlatSvc.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.925_none_e76d4f6f260a683e\TiWorker.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(remotemouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-21] (WinZip) [File not signed]
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-21] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [122592 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172320 2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\48.0.13.0\GoogleDriveFS.exe [58172896 2021-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\48.0.13.0\GoogleDriveFS.exe [58172896 2021-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4343488 2016-06-24] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [MediaDICO38] => C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LMD38.exe [252416 2007-05-24] (L'Aventure Multimedia) [File not signed]
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4096056 2018-03-01] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-03-16] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34612864 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\48.0.13.0\GoogleDriveFS.exe [58172896 2021-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\MountPoints2: {7a78e305-ad27-11eb-a3fa-38b1db7fba0e} - "G:\OnePlus_setup.exe" /s
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\48.0.13.0\GoogleDriveFS.exe [58172896 2021-05-24] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.9927.78\Installer\chrmstp.exe [2021-06-10] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InstallFilter.exe.lnk [2017-03-03] <==== ATTENTION
ShortcutTarget: InstallFilter.exe.lnk -> C:\Windows\VID_054c&PID_0268\InstallFilter.exe () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08334933-1BF4-4389-8A8C-29699EDAF7C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16EF9690-9CF9-44C2-A1BA-239A8F649FED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3982744 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C30FE0C-EE41-439A-B3C8-C05BF33B1821} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {41087D3E-D865-4350-8424-FC58DB64F3C9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4B5C563C-59A6-4AD1-A0DD-9E3FFFFC7D0B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {570B1A2E-2911-43CD-A953-48117EB62874} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-21] (WinZip) [File not signed]
Task: {5EAF30EE-EAB2-4532-912C-27DFC1506B15} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {6097787B-CAD6-4FDA-B30E-608119915776} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4362840 2016-09-23] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {80B3E9E7-C0DF-49A5-A895-172C947F7005} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
Task: {88AF23A4-3EBB-46C1-BE0C-D7C689A0EB9F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8CBD8027-7604-4063-ABC7-D74BE0D4C148} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62152 2020-12-20] (Lenovo -> )
Task: {8DA7BB3F-F31D-4F52-A4FC-C5B598A89CB3} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112840 2020-12-20] (Lenovo -> Lenovo)
Task: {9C1C80DF-C74C-4FC4-9CBC-A4B63411E65E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28985472 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AC29B2A7-57E1-42DC-BC33-FFD9FE38EEA9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
Task: {B2FC995B-AA75-43AE-B91C-0ADB1FBBE37D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-22] (Google Inc -> Google Inc.)
Task: {B5337A26-52DA-4403-B80D-B470775FD400} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-06-09] (Avast Software s.r.o. -> Avast Software)
Task: {B6E68B03-ED67-4E00-AC34-CFC1CBA8EA59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3982744 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD39D9C9-5CDB-417E-83C2-AFC18C35EAB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {C07CCECD-E038-418F-8487-8AD503768C3D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117600 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0B1F47F-D1C9-4BF5-A94C-0940FCA61A84} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
Task: {C3AA716D-963E-4FFB-83ED-304E11F1C14E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7125F87-ECC2-4075-A3B7-D8A0492440D3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-07] (Piriform Software Ltd -> Piriform)
Task: {DB0EA0D6-5C8A-4592-A543-3A1B424CAFAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-22] (Google Inc -> Google Inc.)
Task: {DC1E661E-084B-4D5A-94A4-8F2E3791ABF0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117600 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0358E62-072B-4271-80EB-AD4B43B5EA68} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
Task: {FA86CF79-3DD7-4B96-AFD3-91F92137D892} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4808928 2021-06-09] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 208.77.22.203 us-east-033.whiskergalaxy.com #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 192.168.43.105
Tcpip\..\Interfaces\{25a27047-dbfa-4f91-829d-1ae50e30e8ac}: [DhcpNameServer] 192.168.43.105
Tcpip\..\Interfaces\{a229cc9b-f4b9-453e-af60-aa0f17bc0ad1}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-09]

FireFox:
========
FF DefaultProfile: 453chwzm.default-1490340932945
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\453chwzm.default-1490340932945 [2021-06-10]
FF Homepage: Mozilla\Firefox\Profiles\453chwzm.default-1490340932945 -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180527
FF NewTab: Mozilla\Firefox\Profiles\453chwzm.default-1490340932945 -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180527
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\453chwzm.default-1490340932945\Extensions\wrc@avast.com.xpi [2019-05-06]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF ProfilePath: C:\Users\user\AppData\Roaming\Linterweb\Okawix\Profiles\kj33gww7.default [2017-10-29]
FF HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2019-04-09] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-10] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-10] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-06-10]
CHR Notifications: Default -> hxxps://get.cryptobrowser.site; hxxps://mail.google.com
CHR NewTab: Default -> Not-active:"chrome-extension://jlmilpphhoonfclkcaakafcmkgfalkhl/newtab.html"
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-22]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-03]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-30]
CHR Extension: (CryptoTab START) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmilpphhoonfclkcaakafcmkgfalkhl [2020-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-23]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

Opera:
=======
OPR Profile: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable [2021-06-10]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8151120 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [622816 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [370400 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.9927.78\elevation_service.exe [1421288 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1449664 2016-06-24] (Disc Soft Ltd -> Disc Soft Ltd)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-11-07] (LENOVO -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-09] (Malwarebytes Inc -> Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] (Huawei Technologies Co.,Ltd. -> )
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [11264 2019-02-25] () [File not signed]
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-03-16] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216360 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365536 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99296 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
S3 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180944 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522864 2021-06-10] (Avast Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82856 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851144 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471352 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215336 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-06-09] (Avast Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-09] (Malwarebytes Inc -> Malwarebytes)
S3 GF0268; C:\WINDOWS\System32\drivers\GF0268.sys [16368 2010-06-22] (Shenzhen My-power Technology Co.,Ltd -> Windows (R) Server 2003 DDK provider)
R1 googledrivefs3301; C:\WINDOWS\System32\DRIVERS\googledrivefs3301.sys [132456 2020-11-24] (Google LLC -> Google, Inc.)
R1 googledrivefs3460; C:\WINDOWS\System32\DRIVERS\googledrivefs3460.sys [389600 2021-05-24] (Google LLC -> Google, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys [38224 2010-01-07] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-10] (Malwarebytes Inc -> Malwarebytes)
S3 MpKsl1cc60715; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A0286DA-0CA3-49F8-8060-35677B296CDB}\MpKslDrv.sys [107744 2021-06-08] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-11] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-10 06:38 - 2021-06-10 06:40 - 000000000 ____D C:\FRST
2021-06-10 06:28 - 2021-06-10 06:28 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-06-10 06:28 - 2021-06-10 06:28 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-06-10 06:28 - 2021-06-10 06:28 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-06-10 06:22 - 2021-06-10 06:28 - 000016731 _____ C:\Users\user\Desktop\Fixlog.txt
2021-06-10 06:02 - 2021-06-10 06:02 - 000072487 _____ C:\Users\user\Desktop\Shortcut.txt
2021-06-10 05:58 - 2021-06-10 06:02 - 000057801 _____ C:\Users\user\Desktop\Addition.txt
2021-06-10 05:54 - 2021-06-10 06:40 - 000032592 _____ C:\Users\user\Desktop\FRST.txt
2021-06-10 03:37 - 2021-05-24 12:39 - 000389600 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3460.sys
2021-06-10 00:28 - 2021-06-10 00:29 - 002300416 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2021-06-10 00:07 - 2021-06-10 00:07 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-06-10 00:07 - 2021-06-10 00:07 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-06-10 00:07 - 2021-06-10 00:07 - 000002574 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-06-10 00:07 - 2021-06-10 00:07 - 000002539 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-06-10 00:07 - 2021-06-10 00:07 - 000002539 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-06-10 00:05 - 2021-06-10 00:05 - 000003456 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2021-06-10 00:05 - 2021-06-10 00:05 - 000003332 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2021-06-10 00:05 - 2021-06-10 00:05 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-06-10 00:03 - 2021-06-10 00:07 - 000000000 ____D C:\Users\user\AppData\Local\Avast Software
2021-06-10 00:02 - 2021-06-10 00:02 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-06-10 00:02 - 2021-06-10 00:02 - 000002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-06-10 00:02 - 2021-06-10 00:02 - 000002152 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2021-06-10 00:02 - 2021-06-10 00:02 - 000000000 ____D C:\Users\user\AppData\Roaming\Avast Software
2021-06-09 23:59 - 2021-06-09 23:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-09 23:58 - 2021-06-10 06:33 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-09 23:58 - 2021-06-10 01:03 - 000522864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000471352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-09 23:58 - 2021-06-09 23:58 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000215336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000180944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000099296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000082856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-06-09 23:58 - 2021-06-09 23:58 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-06-09 23:58 - 2021-06-09 23:57 - 000851144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-09 23:58 - 2021-06-09 23:57 - 000365536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-09 23:58 - 2021-06-09 23:57 - 000216360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-09 23:58 - 2021-06-09 23:57 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-09 23:25 - 2021-06-09 23:42 - 000335454 _____ C:\WINDOWS\ntbtlog.txt
2021-06-09 23:25 - 2021-06-09 23:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-09 20:08 - 2021-06-09 20:08 - 000000000 ____D C:\Program Files\Avast Software
2021-06-09 20:07 - 2021-06-09 20:07 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2021-06-09 20:06 - 2021-06-09 23:49 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-09 20:06 - 2021-06-09 23:39 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-06-09 20:06 - 2021-06-09 20:06 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-09 20:06 - 2021-06-09 20:06 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-09 20:06 - 2021-06-09 20:06 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-09 20:06 - 2021-06-09 20:05 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-09 20:06 - 2021-06-09 20:05 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-09 20:03 - 2021-06-09 20:04 - 000232168 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2021-06-09 20:01 - 2021-06-09 20:01 - 002080712 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup (1).exe
2021-06-09 19:57 - 2021-06-09 19:57 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-09 19:55 - 2021-06-09 19:56 - 002080712 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup.exe
2021-06-09 19:53 - 2021-06-09 19:53 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-09 19:53 - 2021-06-09 19:53 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-09 19:53 - 2021-06-09 19:53 - 000002282 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-08 21:45 - 2021-06-09 20:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-08 21:45 - 2021-06-08 21:45 - 000000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2021-06-08 21:45 - 2021-06-08 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2021-06-08 21:45 - 2021-06-08 21:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2021-06-08 21:45 - 2010-01-07 16:07 - 000038224 _____ (Malwarebytes Corporation) C:\WINDOWS\SysWOW64\Drivers\mbamswissarmy.sys
2021-06-08 21:23 - 2021-06-08 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-06-07 18:22 - 2021-06-07 18:24 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-22 14:52 - 2021-05-22 14:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-05-22 14:52 - 2021-05-22 14:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-05-22 14:52 - 2021-05-22 14:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-05-22 14:52 - 2021-05-22 14:52 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-05-12 09:01 - 2020-12-20 22:57 - 005408968 _____ (Lenovo Group Limited) C:\WINDOWS\SysWOW64\PWMTR32V.dll
2021-05-12 09:01 - 2020-12-20 22:57 - 002351304 _____ (Lenovo Group Limited) C:\WINDOWS\SysWOW64\EasyResume.exe
2021-05-12 09:01 - 2020-12-20 22:57 - 000158920 _____ (Lenovo) C:\WINDOWS\SysWOW64\InstHelper.dll
2021-05-12 09:01 - 2020-12-20 22:57 - 000090312 _____ (Lenovo) C:\WINDOWS\SysWOW64\EventLogger.dll
2021-05-12 09:01 - 2020-12-20 22:57 - 000062152 _____ () C:\WINDOWS\SysWOW64\PowerMgrInst.exe
2021-05-11 15:32 - 2021-05-23 09:54 - 000000000 ____D C:\Users\user\AppData\LocalLow\uTorrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-10 06:38 - 2016-11-05 23:19 - 000000000 ___RD C:\Users\user\OneDrive
2021-06-10 06:33 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-10 06:32 - 2021-05-04 23:39 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-10 06:30 - 2016-11-07 14:33 - 000000000 ____D C:\ProgramData\AVAST Software
2021-06-10 06:29 - 2019-05-06 11:20 - 000000000 ____D C:\Program Files\CCleaner
2021-06-10 06:27 - 2017-08-28 23:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-06-10 06:26 - 2021-05-04 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-10 06:26 - 2021-05-04 23:11 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-10 06:26 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-10 06:24 - 2016-11-03 22:37 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2021-06-10 06:07 - 2020-07-29 17:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-10 06:07 - 2020-07-29 17:41 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-10 06:07 - 2020-07-29 17:41 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-10 06:07 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-10 06:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-10 03:39 - 2021-03-03 05:28 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-06-10 00:08 - 2017-07-12 09:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-09 23:58 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-09 23:49 - 2021-05-04 23:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-09 23:34 - 2019-05-01 08:12 - 000000000 ____D C:\Program Files\Artlantis Studio 4
2021-06-09 23:33 - 2017-07-28 21:15 - 000000000 ____D C:\ProgramData\WinZip
2021-06-09 23:22 - 2016-11-07 14:44 - 000000000 ____D C:\Users\user\AppData\Roaming\DMCache
2021-06-09 23:18 - 2019-06-03 09:38 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-06-09 20:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-09 20:06 - 2016-11-06 00:36 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2021-06-09 19:53 - 2017-10-25 23:59 - 000000000 ____D C:\Program Files\Google
2021-06-08 21:24 - 2017-10-25 23:50 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-06-08 21:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-08 20:38 - 2021-05-05 07:29 - 000791060 _____ C:\WINDOWS\system32\perfh00C.dat
2021-06-08 20:38 - 2021-05-05 07:29 - 000149540 _____ C:\WINDOWS\system32\perfc00C.dat
2021-06-08 20:38 - 2021-05-04 23:31 - 001770906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-08 20:38 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-08 19:55 - 2016-11-07 13:04 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-06-07 22:23 - 2017-03-22 11:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-06-07 18:22 - 2021-05-04 23:11 - 000751995 ____N C:\WINDOWS\Minidump\060721-51546-01.dmp
2021-06-01 15:29 - 2020-11-17 11:40 - 000000000 ____D C:\Users\user\Documents\Présentations
2021-05-28 16:12 - 2017-07-28 21:18 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2021-05-23 09:53 - 2017-08-21 09:11 - 000000000 ____D C:\Users\user\Documents\Bandicam
2021-05-16 00:04 - 2021-04-29 07:28 - 000000000 ___DC C:\WINDOWS\Panther
2021-05-13 09:38 - 2016-11-08 02:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-13 09:33 - 2016-11-08 02:17 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 09:01 - 2020-08-23 09:15 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-11 14:59 - 2020-11-26 01:02 - 000000000 ____D C:\Users\user\AppData\Local\BitTorrentHelper
2021-05-11 14:05 - 2018-06-01 02:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-11 13:52 - 2021-05-04 23:39 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4079815856-2642852288-1539777573-1001
2021-05-11 13:52 - 2021-05-04 23:20 - 000002364 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-11 13:50 - 2017-07-21 20:13 - 000000575 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics

==================== Files in the root of some directories ========

2016-11-07 14:00 - 2021-05-04 23:16 - 001388432 _____ () C:\Users\Public\VOIP.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================