computer lagging/freezing. – Virus, Trojan, Spyware, and Malware Removal Help


Not sure if virus or just hardware dying? I’ve been dealing with this for a few months. If too many programs are playing, it freezes/lags, videos skip. Gotten a lot worse since yesterday. Have to shut down computer by pushing power button. Turned it off for a few hours to give it a rest and still acting up a bit.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2021

Ran by Owner (administrator) on DESKTOP-3GINQIN (Dell Inc. Latitude E7440) (23-05-2021 06:33:49)

Running from C:UsersOwnerDownloadsFRST-OlderVersion

Loaded Profiles: Owner

Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: English (United States)

Default browser: “C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe” –single-argument %1

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApMsgFwd.exe

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApntEx.exe

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApoint.exe

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadHidMonitorSvc.exe

(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:Program FilesDellTPadhidfind.exe

(Apple Inc.) C:Program FilesWindowsAppsAppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe

(Avast Software s.r.o. -> AVAST Software) C:Program Files (x86)AVAST SoftwareBrowserUpdate1.8.1065.0AvastBrowserCrashHandler.exe

(Avast Software s.r.o. -> AVAST Software) C:Program Files (x86)AVAST SoftwareBrowserUpdate1.8.1065.0AvastBrowserCrashHandler64.exe

(Avast Software s.r.o. -> AVAST Software) C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <24>

(Intel Corporation -> ) C:WindowsSystem32igfxTray.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32igfxCUIService.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32igfxEM.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32igfxHK.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_ecb9604542bb4ba6RstMwService.exe

(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:WindowsSystem32ibtsiva.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0NisSrv.exe

(Opera Software AS -> Opera Software) C:UsersOwnerAppDataLocalProgramsOpera76.0.4017.123opera.exe <24>

(Opera Software AS -> Opera Software) C:UsersOwnerAppDataLocalProgramsOpera76.0.4017.123opera_crashreporter.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe <3>

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkAudioService64.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [RtHDVCpl] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [8474880 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM…Run: [RtHDVBg] => C:Program FilesRealtekAudioHDARAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM…Run: [Apoint] => C:Program FilesDellTPadApoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)

HKUS-1-5-21-850940307-2662099542-345136612-1001…Run: [AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149] => C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)

HKUS-1-5-21-850940307-2662099542-345136612-1001…Run: [Opera Browser Assistant] => C:UsersOwnerAppDataLocalProgramsOperaassistantbrowser_assistant.exe [4042904 2021-05-12] (Opera Software AS -> Opera Software)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication90.0.4430.212Installerchrmstp.exe [2021-05-12] (Google LLC -> Google LLC)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:Program Files (x86)AVAST SoftwareBrowserApplication90.0.9316.94Installerchrmstp.exe [2021-04-28] (Avast Software s.r.o. -> AVAST Software)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {20DC251F-546C-49C6-962B-74F6FABA1B0D} – System32TasksOpera scheduled Autoupdate 1582408457 => C:UsersOwnerAppDataLocalProgramsOperalauncher.exe [2199704 2021-05-12] (Opera Software AS -> Opera Software)

Task: {22E16472-25AC-4F3E-B44A-C5BE501F6113} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {24BBDBAC-9C00-4EE8-82E5-A3BB1B88ED7F} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155432 2020-01-29] (Google Inc -> Google LLC)

Task: {3EDF23D6-9787-4D36-80D8-6AE1CC13B2DD} – System32TasksAvastUpdateTaskMachineUA => C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)

Task: {4E29A0DE-ED3E-4D1C-9704-CDEFDCC25E51} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {57FFC957-5F41-4532-B1BE-F56BBFAA7199} – System32TasksRtHDVBg_PushButton => C:Program FilesRealtekAudioHDARAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)

Task: {5BD489D5-49D5-4C9E-BF1E-A4C345E9A8D3} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {70943D43-B175-4381-BF61-E6DB88CDEC64} – System32TasksOpera scheduled assistant Autoupdate 1582754112 => C:UsersOwnerAppDataLocalProgramsOperalauncher.exe [2199704 2021-05-12] (Opera Software AS -> Opera Software) -> –scheduledautoupdate –component-name=assistant –component-path=”C:UsersOwnerAppDataLocalProgramsOperaassistant” $(Arg0)

Task: {A34CF35D-317F-48A5-8FDC-048E8D175460} – System32TasksAvast Secure Browser Heartbeat Task (Hourly) => C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)

Task: {AD093D23-1424-4EA1-B767-53BBAB3D15E6} – System32TasksEOSv3 Scheduler onLogOn => C:UsersOwnerDesktopesetonlinescanner_enu.exe [11697056 2021-05-09] (ESET, spol. s r.o. -> ESET)

Task: {B8FA1942-96A1-479D-916D-0443EB1BCF61} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155432 2020-01-29] (Google Inc -> Google LLC)

Task: {C1C3DD03-5560-4971-8246-4D0D4246AF42} – System32TasksAvast Secure Browser Heartbeat Task (Logon) => C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)

Task: {CB79B279-3639-4CFB-BF67-2E07512E6BE0} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {CBF65983-7548-44CC-B48B-61CF87F7D4A0} – System32TasksEOSv3 Scheduler onTime => C:UsersOwnerDesktopesetonlinescanner_enu.exe [11697056 2021-05-09] (ESET, spol. s r.o. -> ESET)

Task: {D7FA2D84-EB6C-45D5-9584-B0E35CC9248C} – System32TasksAvastUpdateTaskMachineCore => C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)

Task: {FA108B77-A21D-4307-B1D8-12FB8812D4E4} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces{3d1489f3-1cde-4eae-b4cd-2a3af2d6e0f9}: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces{81cd3285-2bbd-4ba0-8e76-63276511b8aa}: [DhcpNameServer] 192.168.42.129

 

Edge: 

=======

DownloadDir: C:UsersOwnerDownloads

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UsersOwnerAppDataLocalMicrosoftEdgeUser DataDefault [2021-05-21]

Edge DownloadDir: Default -> C:UsersOwnerDownloads

Edge Extension: (Bitwarden – Free Password Manager) – C:UsersOwnerAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsjbkfoedolllekgbhcbcoahefnbanhhlh [2021-05-21]

 

FireFox:

========

FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:Program Files (x86)AVAST SoftwareBrowserUpdate1.8.1065.0npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)

FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:Program Files (x86)AVAST SoftwareBrowserUpdate1.8.1065.0npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)

FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin HKUS-1-5-21-850940307-2662099542-345136612-1001: @zoom.us/ZoomVideoPlugin -> C:UsersOwnerAppDataRoamingZoombinnpzoomplugin.dll [2020-05-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

 

Chrome: 

=======

CHR Profile: C:UsersOwnerAppDataLocalGoogleChromeUser DataDefault [2021-05-23]

CHR Session Restore: Default -> is enabled.

CHR Extension: (Adblock Plus – free ad blocker) – C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionscfhdojbkjhnklbpkdaibdccddilifddb [2021-05-20]

CHR Extension: (Chrome Web Store Payments) – C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Bitwarden – Free Password Manager) – C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsnngceckbapebfimnlniiiahkandclblb [2021-05-16]

CHR Extension: (Chrome Media Router) – C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-29]

 

Opera: 

=======

OPR Profile: C:UsersOwnerAppDataRoamingOpera SoftwareOpera Stable [2021-05-23]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

OPR Extension: (Bitwarden – Free Password Manager) – C:UsersOwnerAppDataRoamingOpera SoftwareOpera StableExtensionsccnckbpmaceehanjmeomladnmlffdjgn [2021-03-28]

OPR Extension: (Rich Hints Agent) – C:UsersOwnerAppDataRoamingOpera SoftwareOpera StableExtensionsenegjkbbakeegngfapepobipndnebkdk [2021-05-16]

OPR Extension: (Popup Blocker (strict)) – C:UsersOwnerAppDataRoamingOpera SoftwareOpera StableExtensionsjabcemjkhjfpkhakphioakkhcnbgeomm [2020-02-22]

OPR Extension: (Adblock Plus – free ad blocker) – C:UsersOwnerAppDataRoamingOpera SoftwareOpera StableExtensionsoidhhegpmlfpoeialbgcdocjalghfpkp [2021-05-20]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

R2 ApHidMonitorService; C:Program FilesDellTPadHidMonitorSvc.exe [114960 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)

S2 avast; C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)

S3 avastm; C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)

S3 AvastSecureBrowserElevationService; C:Program Files (x86)AVAST SoftwareBrowserApplication90.0.9316.94elevation_service.exe [1396968 2021-04-27] (Avast Software s.r.o. -> AVAST Software)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5393288 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

R3 DellRbtn; C:WINDOWSSystem32driversDellRbtn.sys [29160 2018-07-27] (Dell Inc -> OSR Open Systems Resources, Inc.)

R0 stdcfltn; C:WINDOWSSystem32DRIVERSstdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)

S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-05-13 23:22 – 2021-05-13 23:22 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-05-13 23:22 – 2021-05-13 23:22 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-05-13 23:22 – 2021-05-13 23:22 – 001687040 _____ C:WINDOWSsystem32libcrypto.dll

2021-05-13 23:22 – 2021-05-13 23:22 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-05-13 23:22 – 2021-05-13 23:22 – 001163776 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-05-13 23:22 – 2021-05-13 23:22 – 000700928 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-05-13 23:22 – 2021-05-13 23:22 – 000157184 _____ C:WINDOWSsystem32uwfcsp.dll

2021-05-13 23:22 – 2021-05-13 23:22 – 000153600 _____ C:WINDOWSsystem32uwfcfgmgmt.dll

2021-05-13 23:22 – 2021-05-13 23:22 – 000011351 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-05-13 23:21 – 2021-05-13 23:21 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-05-13 21:41 – 2021-05-13 21:41 – 001823816 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-05-13 21:41 – 2021-05-13 21:41 – 001393504 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-05-13 18:40 – 2021-05-13 18:40 – 000165888 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-05-13 18:40 – 2021-05-13 18:40 – 000013312 _____ C:WINDOWSsystem32agentactivationruntimestarter.exe

2021-05-07 22:45 – 2021-05-07 22:59 – 000000000 ____D C:UsersOwnerDesktopsloppybleep

2021-04-25 23:32 – 2021-04-25 23:32 – 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d72f542500ba19

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-05-23 06:36 – 2020-02-02 00:27 – 000000000 ____D C:FRST

2021-05-23 06:33 – 2020-02-21 01:26 – 000000000 ____D C:UsersOwnerDownloadsFRST-OlderVersion

2021-05-23 06:33 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF

2021-05-23 06:32 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-05-23 05:36 – 2020-01-29 19:52 – 000000180 _____ C:WINDOWSsystem32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2021-05-23 05:36 – 2020-01-29 19:52 – 000000000 __SHD C:UsersOwnerIntelGraphicsProfiles

2021-05-23 00:02 – 2021-04-12 00:24 – 000000000 ____D C:UsersOwner

2021-05-22 23:44 – 2020-02-01 22:49 – 000004435 _____ C:UsersOwnerAppDataLocalkdenliverc

2021-05-22 23:27 – 2020-02-01 20:29 – 000000000 ____D C:UsersOwnerAppDataRoamingaudacity

2021-05-22 23:25 – 2021-04-12 00:31 – 000795738 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-05-22 21:40 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-05-22 21:40 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-05-22 20:34 – 2021-04-12 00:22 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-05-22 18:34 – 2021-04-12 00:29 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-05-22 18:34 – 2021-04-12 00:22 – 000008192 ___SH C:DumpStack.log.tmp

2021-05-22 15:09 – 2020-06-18 03:20 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-05-22 15:09 – 2020-06-18 03:20 – 000002276 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-05-22 15:09 – 2020-06-18 03:20 – 000002276 _____ C:ProgramDataDesktopMicrosoft Edge.lnk

2021-05-21 13:59 – 2020-01-29 19:48 – 000000000 ____D C:UsersOwnerAppDataLocalPackages

2021-05-21 01:18 – 2021-04-12 00:29 – 000004460 _____ C:WINDOWSsystem32TasksOpera scheduled assistant Autoupdate 1582754112

2021-05-19 11:44 – 2020-02-04 19:09 – 000001272 _____ C:UsersOwnerDesktopESET Online Scanner.lnk

2021-05-19 11:44 – 2020-02-04 19:08 – 000001378 _____ C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsESET Online Scanner.lnk

2021-05-17 18:05 – 2021-04-12 00:29 – 000004206 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1582408457

2021-05-17 18:05 – 2020-02-22 17:54 – 000001405 _____ C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsOpera Browser.lnk

2021-05-16 20:23 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-05-16 05:16 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-05-16 05:13 – 2021-04-12 00:22 – 000291064 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-05-16 05:13 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-05-16 05:13 – 2019-12-07 05:51 – 000000000 ____D C:WINDOWSsystem32OpenSSH

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSPrintDialog

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lt-LT

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lt-LT

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSProvisioning

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSDiagTrack

2021-05-16 05:13 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-05-16 05:13 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-05-14 16:13 – 2020-01-29 07:45 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-05-13 23:29 – 2020-01-29 20:01 – 000002136 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk

2021-05-13 23:24 – 2019-12-07 05:54 – 000023552 _____ (Microsoft Corporation) C:WINDOWSsystem32OEMDefaultAssociations.dll

2021-05-13 18:21 – 2020-01-29 19:59 – 000000000 ____D C:WINDOWSsystem32MRT

2021-05-13 18:08 – 2020-01-29 19:59 – 132732536 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-05-13 06:14 – 2021-04-12 00:29 – 000003376 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-850940307-2662099542-345136612-1001

2021-05-13 06:14 – 2021-04-12 00:24 – 000002363 _____ C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-05-13 06:14 – 2020-01-29 19:51 – 000000000 ___RD C:UsersOwnerOneDrive

2021-05-12 16:33 – 2020-01-29 19:56 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-05-12 16:33 – 2020-01-29 19:56 – 000002260 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-05-12 16:33 – 2020-01-29 19:56 – 000002260 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-05-09 20:28 – 2020-02-04 19:08 – 011697056 _____ (ESET) C:UsersOwnerDesktopesetonlinescanner_enu.exe

2021-05-05 02:40 – 2020-04-04 15:35 – 000000000 ____D C:UsersOwnerAppDataLocalElevatedDiagnostics

2021-05-01 15:23 – 2020-03-02 19:00 – 000000000 ____D C:UsersOwnerDesktopmeme

2021-04-28 13:07 – 2020-03-31 22:35 – 000002498 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAvast Secure Browser.lnk

2021-04-28 13:07 – 2020-03-31 22:35 – 000002463 _____ C:UsersPublicDesktopAvast Secure Browser.lnk

2021-04-28 13:07 – 2020-03-31 22:35 – 000002463 _____ C:ProgramDataDesktopAvast Secure Browser.lnk

2021-04-25 23:32 – 2021-04-12 00:29 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-04-23 04:43 – 2021-03-25 00:13 – 000000000 ___DC C:WINDOWSPanther

2021-04-23 01:04 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32NDF

 

==================== Files in the root of some directories ========

 

2020-02-01 22:49 – 2021-05-22 23:44 – 000004435 _____ () C:UsersOwnerAppDataLocalkdenliverc

2020-05-12 19:14 – 2020-05-12 19:14 – 000000017 _____ () C:UsersOwnerAppDataLocalresmon.resmoncfg

2020-02-01 22:49 – 2020-02-01 22:49 – 000000533 _____ () C:UsersOwnerAppDataLocaluser-places.xbel

2020-02-01 22:49 – 2020-02-01 22:49 – 000000000 _____ () C:UsersOwnerAppDataLocaluser-places.xbel.tbcache

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================




