Slow internet

  • This topic is locked
17 replies to this topic

#1 jensaxel

  • Authentic Member
  • 179 posts

Posted 19 July 2021 - 05:32 AM

Hi

 

I'm experiencing slower and slower internet - no matter the network.

I use a Toshiba Satellite with Windows 8 64-bit.

 

None of my other devices have a similar problem.

 

Thanks

Jens



#2 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 19 July 2021 - 04:38 PM

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)
 


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 jensaxel

  • Authentic Member
  • 179 posts

Posted 21 July 2021 - 04:45 AM

FRST.txt:

 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{18E4DFDC-04A3-4E40-907E-EDD714196A29}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4D531E49-F340-40EE-B258-49D80CA3493B}: [NameServer] 100.120.104.1
Tcpip\..\Interfaces\{863AF362-1F5D-4050-AEAE-4C0F18139CCE}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-26]

FireFox:
========
FF DefaultProfile: 32ja86do.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default [2021-07-21]
FF Homepage: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.google.com
FF Notifications: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.facebook.com
FF Extension: (Facebook Container) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\@contain-facebook.xpi [2021-05-07]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-07-10]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\wrc@avast.com.xpi [2020-04-17] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG -> Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3096548613-1792463396-622639421-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-07-18]
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-10]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-10]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-10]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1381656 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [1812056 2019-09-16] (OSTOTO CO. LIMITED -> )
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] (HUAWEI Technologies Co., Ltd. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [8700696 2021-07-07] (Avast Software s.r.o. -> AVAST Software)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2018-10-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 ew_hwusbdev; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [13952 2010-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys [98304 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [87040 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\drivers\ew_juextctrl.sys [28672 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2018-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2018-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2018-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-21 12:30 - 2021-07-21 12:32 - 000011147 _____ C:\Users\user\Desktop\FRST.txt
2021-07-21 12:28 - 2021-07-21 12:30 - 000000000 ____D C:\FRST
2021-07-21 12:16 - 2021-07-21 12:20 - 002300416 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2021-07-09 10:58 - 2021-07-09 10:58 - 000000000 ____D C:\Users\user\Documents\Jessica
2021-07-04 13:09 - 2021-07-04 13:09 - 000388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis(2).exe
2021-06-30 22:52 - 2021-06-30 22:52 - 000216654 _____ C:\Users\user\Documents\Multa trafico june 21.odt
2021-06-29 11:11 - 2021-06-29 11:11 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-29 11:11 - 2021-06-29 11:11 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-29 10:32 - 2021-06-29 10:32 - 000437413 _____ C:\Users\user\Downloads\boarding-pass(1).pdf
2021-06-25 13:16 - 2021-06-25 10:28 - 000057127 _____ C:\Users\user\Documents\ATP blanket.pdf
2021-06-24 13:34 - 2021-06-24 13:34 - 000001254 _____ C:\Users\Public\Desktop\Ashampoo ZIP Free.lnk
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Skins
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Sfxs
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\lang
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Icons
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\HELP
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2021-06-24 13:29 - 2021-06-24 13:29 - 025913688 _____ (Ashampoo GmbH & Co. KG ) C:\Users\user\Downloads\ashampoo_zip_free_18811.exe
2021-06-24 13:24 - 2021-06-24 15:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 09:33 - 2021-06-23 09:33 - 000000000 ____D C:\Users\user\Documents\Santander
2021-06-23 09:33 - 2021-03-08 14:24 - 000261303 _____ C:\Users\user\Documents\Keyboard.odt
2021-06-23 09:33 - 2021-03-08 14:13 - 000074293 _____ C:\Users\user\Documents\Pianos_keyboard_with_notes.svg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-21 12:31 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-21 12:30 - 2018-10-14 20:36 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-07-21 12:17 - 2018-11-23 20:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-21 12:11 - 2019-11-26 17:04 - 000000000 ____D C:\Program Files\CCleaner
2021-07-21 12:09 - 2019-01-29 11:19 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-07-21 12:01 - 2021-04-08 17:36 - 000003938 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2021-07-21 12:00 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-21 11:51 - 2018-11-23 15:12 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2021-07-19 13:58 - 2020-08-02 22:25 - 000020794 _____ C:\Users\user\Documents\A.odt
2021-07-19 12:51 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2021-07-18 15:54 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2021-07-16 10:33 - 2021-06-10 18:06 - 000003534 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 10:33 - 2021-06-10 18:06 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 13:02 - 2019-04-15 12:30 - 001515008 ___SH C:\Users\user\Desktop\Thumbs.db
2021-07-14 12:59 - 2018-11-23 15:06 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-14 12:58 - 2013-08-22 16:44 - 000362968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-14 12:49 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-14 12:32 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-14 12:26 - 2018-10-19 13:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 12:20 - 2018-10-19 13:50 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-14 11:30 - 2018-06-05 15:23 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3096548613-1792463396-622639421-1001
2021-07-14 10:46 - 2018-12-17 11:05 - 000002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-10 18:12 - 2019-03-19 17:19 - 000016400 _____ C:\Users\user\Documents\Ord.ods
2021-07-10 12:12 - 2014-11-21 04:13 - 001822472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-10 12:12 - 2014-11-21 03:24 - 000805262 _____ C:\WINDOWS\system32\perfh00A.dat
2021-07-10 12:12 - 2014-11-21 03:24 - 000164164 _____ C:\WINDOWS\system32\perfc00A.dat
2021-07-09 11:02 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-07-09 10:59 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-07-09 10:50 - 2019-11-26 17:04 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-09 10:49 - 2019-05-27 17:04 - 000004168 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-04 13:08 - 2018-12-01 16:01 - 000000000 ____D C:\Users\user\Documents\MuseScore2
2021-07-04 13:01 - 2018-12-10 10:48 - 000198656 ___SH C:\Users\user\Documents\Thumbs.db
2021-07-02 11:12 - 2020-12-10 12:47 - 000036120 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-06-29 11:11 - 2020-10-22 10:07 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-29 11:11 - 2020-04-15 10:01 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-29 11:11 - 2019-01-14 21:53 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-29 09:35 - 2021-06-10 18:07 - 000002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-25 15:03 - 2020-06-27 16:01 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2021-06-25 13:25 - 2020-04-29 16:03 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2021-06-24 15:47 - 2018-10-31 23:54 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-06-24 15:45 - 2018-10-14 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-24 13:34 - 2018-10-14 20:36 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 13:30 - 2018-10-31 23:54 - 000000000 ____D C:\ProgramData\NCH Software
2021-06-24 13:25 - 2018-10-31 23:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-07-14 18:46
==================== End of FRST.txt ========================

 

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by user (21-07-2021 12:37:55)
Running from C:\Users\user\Desktop
Windows 8.1 (Update) (X64) (2018-10-28 17:37:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3096548613-1792463396-622639421-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3096548613-1792463396-622639421-1005 - Limited - Enabled)
Invitado (S-1-5-21-3096548613-1792463396-622639421-501 - Limited - Disabled)
user (S-1-5-21-3096548613-1792463396-622639421-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo ZIP Free (HKLM-x32\...\{0A11EA01-5173-F4C2-0973-35C932D5C674}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Nombre de su organización)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.12.5611.2566 - Avast Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Driver  Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 7.1.28.92 - OSToto Co., Ltd.)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Català (HKLM-x32\...\{95140000-00FF-0403-0000-0000000FF1CE}) (Version: 14.0.4763.1020 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Euskara (HKLM-x32\...\{95140000-00FF-042D-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Galego (HKLM-x32\...\{95140000-00FF-0456-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 89.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-GB)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MuseScore 2 (HKLM-x32\...\{7D01160E-D30F-4E88-8872-4A0A0A782E2E}) (Version: 2.3.2 - Werner Schweer and Others)
MuseScore 3 (HKLM\...\{3316B71D-89FC-4EB1-95CA-8111C38A3182}) (Version: 3.2.3.7635 - Werner Schweer and Others)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Signal 1.39.6 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.39.6 - Open Whisper Systems)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Spotify) (Version: 1.1.61.583.gad060c66 - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.45 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Telegram Desktop version 2.7.1 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.930 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B75F194E-4C55-4D80-86C8-7FFB29B29984}) (Version: 4.1.3.0 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.13000 - Nero AG) Hidden
Zoom (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2018-10-30] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2018-10-30] (Amazon.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2018-10-30] (eBay, Inc)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15133.0_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-10-30] (McAfee_Incorporated)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2018-11-08] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_2.2.38.0_x64__3s2an63h56yee [2018-10-30] (Ennova Research)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2018-10-30] (Skype) [MS Ad]
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.1.1.33_x64__679ekb9hp1h62 [2018-10-30] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-19 22:36 - 2009-06-22 20:42 - 000043008 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2018-12-19 22:36 - 2009-01-10 12:32 - 000011362 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2018-12-19 22:36 - 2010-05-14 11:57 - 002415104 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2018-12-19 22:36 - 2010-02-10 16:10 - 001148416 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2018-12-19 22:36 - 2010-02-10 16:06 - 000398336 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2018-12-19 22:36 - 2011-12-23 09:52 - 000843264 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2012-07-19 09:53 - 2012-07-19 09:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\Hotkey\TCrdMain.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000042496 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDesktopEventCaptor.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000052224 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000014336 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIPlaceFileEntity.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> DefaultScope {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-01-04 15:56 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\IMG-20200209-WA0006.jpg
DNS Servers: 100.120.104.1 - 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E6F4A1EE-5690-4998-9D52-C9AB52AC3AE3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{447844BA-D830-4907-B288-F80130BB0926}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3BC49049-5129-4134-A995-EDEC9DDFF008}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{2C679CB5-3558-4A8D-8081-750A8FD43249}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37C2FD65-1F08-40D3-BFA9-8FFC5A2C2310}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0318D7DA-F46B-4813-B51F-113A02477E7A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{675005CE-C805-4DF1-9CD8-F28E17E01DF7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{EAACE44F-886A-4241-9273-68BD0E1F4F2E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{A8EFDF76-5248-4AB8-B8B7-7A33B87AF729}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{7785BDB2-B291-45C1-857B-F89663190D7B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DF3E4BD8-62B1-45A0-825B-CBD068764393}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{71197E4E-D1A8-4812-A2CB-D23C4D320C3B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{ADF09BE7-03C1-43B5-974E-0EB9E12AD964}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69A41315-40CD-4BB4-8089-95A662F4205E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B599EF3-EA6A-46DE-A8F6-0E35522F927D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe (Life Guarder Software Company Limited -> OSToto Co., Ltd.)
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll (OSTOTO CO. LIMITED -> )
FirewallRules: [{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{E52AA336-6A15-4DDE-A94E-398F184E6BC8}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe => No File
FirewallRules: [{75EBEEB2-269E-45F9-BD9D-E27C0AA45ED0}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F7686C36-922B-4850-B149-C8355A362402}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{43BD1648-8F87-4ECB-A772-930285571572}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0A7AC39-AED3-4C9F-8774-87228E280320}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97925B05-C725-4971-898F-D3E7104B7DB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3881C86B-5763-4DAF-9316-3BEF4AEDB133}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53658A34-50DA-4A25-90C0-AB2D981251D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45BB39A7-772C-4F04-B0A1-B97DE8F0AB90}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A35365A-69CC-4EEB-8C55-790276E51668}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B7DC46F-85B5-4FCB-83FE-E9E5A737EA99}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{064DB973-6E60-428E-84DB-3021587250F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-07-2021 10:33:52 Instalador de Módulos de Windows
14-07-2021 11:30:56 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2021 12:08:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1404
Faulting application start time: 0x01d77e17a55aee6b
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: a64c6a41-ea0b-11eb-8130-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 11:23:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0xec0
Faulting application start time: 0x01d77e11604075ed
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 51f92866-ea05-11eb-812f-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 07:11:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1be4
Faulting application start time: 0x01d77cc0705c2232
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 61a4e7ed-e8b4-11eb-812f-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 02:04:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1158
Faulting application start time: 0x01d77c958dd0ef64
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 7f05e47a-e889-11eb-812f-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 12:56:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x2724
Faulting application start time: 0x01d77c8c1386e91a
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 0935a501-e880-11eb-812f-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 11:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x17d8
Faulting application start time: 0x01d77c7c055a3576
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 0050207b-e870-11eb-812f-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2021 08:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6734

Error: (07/18/2021 08:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6734


System errors:
=============
Error: (07/21/2021 12:34:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (07/21/2021 12:06:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service did not respond on starting.

Error: (07/21/2021 12:01:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Administrador de configuración de dispositivos service did not respond on starting.

Error: (07/21/2021 12:00:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/21/2021 12:00:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (07/21/2021 12:00:07 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (07/21/2021 12:00:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:18:09 on ‎21/‎07/‎2021 was unexpected.

Error: (07/19/2021 03:33:43 PM) (Source: DCOM) (EventID: 10010) (User: cash)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


==================== Memory info ===========================

BIOS: Insyde Corp. 6.10 09/24/2012
Motherboard: Intel PLCSF8
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 4047.22 MB
Available physical RAM: 1600.12 MB
Total Virtual: 5263.22 MB
Available Virtual: 2103.46 MB

==================== Drives ================================

Drive c: (TI30982400B) (Fixed) (Total:455.7 GB) (Free:354.48 GB) NTFS

\\?\Volume{606b5995-fde3-11e1-9d90-c6ea722139c3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{2db8cd36-e82e-488b-a335-1be4ef20498f}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{11bd8423-1c76-4af8-bf8a-6c057748f438}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{57ecd512-5b4a-40e4-9f14-b01a0ddabfde}\ (Recovery) (Fixed) (Total:8.46 GB) (Free:0.65 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13D313D3)

Partition: GPT.

==================== End of Addition.txt =======================



#4 Juliet

Posted 21 July 2021 - 06:14 AM


I want you to read over the below link and think about removing DriverTalent.
https://forums.malwa...comment-1276059

~~
Certain parts of your FRST log were omitted or cut off, so for right now we will get started because I have a lack of time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021 <== example

==================== Registry (Whitelisted) =================== <== example

==================== Scheduled Tasks (Whitelisted) ============ <== example

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> DefaultScope {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FirewallRules: [{E6F4A1EE-5690-4998-9D52-C9AB52AC3AE3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{447844BA-D830-4907-B288-F80130BB0926}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3BC49049-5129-4134-A995-EDEC9DDFF008}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0318D7DA-F46B-4813-B51F-113A02477E7A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{675005CE-C805-4DF1-9CD8-F28E17E01DF7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{E52AA336-6A15-4DDE-A94E-398F184E6BC8}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe => No File
FirewallRules: [{F7686C36-922B-4850-B149-C8355A362402}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\airhost.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file, Fixlog.txt, will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
You can download AdwCleaner here: https://malwarebytes.com/adwcleaner

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

 

Please post these 3 logs when finished.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#5 jensaxel

Posted 22 July 2021 - 03:42 AM

Hi

 

What I posted from FARBAR was the files, as they came out. They do go from Start to End in both files - I don't know..

 

Here are the logfiles:

 

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by user (21-07-2021 21:52:53) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> DefaultScope {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
SearchScopes: HKU\S-1-5-21-3096548613-1792463396-622639421-1001 -> {11F6C88A-3D38-4537-9C21-044713EE4251} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FirewallRules: [{E6F4A1EE-5690-4998-9D52-C9AB52AC3AE3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{447844BA-D830-4907-B288-F80130BB0926}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3BC49049-5129-4134-A995-EDEC9DDFF008}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0318D7DA-F46B-4813-B51F-113A02477E7A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{675005CE-C805-4DF1-9CD8-F28E17E01DF7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{E52AA336-6A15-4DDE-A94E-398F184E6BC8}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe => No File
FirewallRules: [{F7686C36-922B-4850-B149-C8355A362402}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\airhost.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3096548613-1792463396-622639421-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11F6C88A-3D38-4537-9C21-044713EE4251} => not found
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6F4A1EE-5690-4998-9D52-C9AB52AC3AE3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{447844BA-D830-4907-B288-F80130BB0926}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BC49049-5129-4134-A995-EDEC9DDFF008}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0318D7DA-F46B-4813-B51F-113A02477E7A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{675005CE-C805-4DF1-9CD8-F28E17E01DF7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E52AA336-6A15-4DDE-A94E-398F184E6BC8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7686C36-922B-4850-B149-C8355A362402}" => not found

=========== "C:\Windows\Temp\*.*" ==========

not found

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3159160 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 37703184 B
Edge => 0 B
Firefox => 158077644 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 4106623 B
systemprofile32 => 4106751 B
LocalService => 5654963 B
NetworkService => 5654963 B
user => 385957951 B

RecycleBin => 361494001 B
EmptyTemp: => 929.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:55:27 ====

 

 

Malwarebytes:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 22/07/2021
Scan Time: 10:54
Log File: 6959c1c4-eaca-11eb-ab87-00ff4d531e49.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.22138
Licence: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: cash\user

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251985
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Malwarebytes:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-22-2021
# Duration: 00:00:23
# OS:       Windows 8.1
# Cleaned:  33
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\OSTotoSoft
Deleted       C:\ProgramData\DRIVERTALENT
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRIVER TALENT
Deleted       C:\Users\user\AppData\Roaming\DRIVERTALENT

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\OSTotoSoft
Deleted       HKLM\Software\Wow6432Node\OSTotoSoft
Deleted       HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted       Preinstalled.TOSHIBADesktopAssist   Folder   C:\Program Files\TOSHIBA\TOSHIBA DESKTOP ASSIST
Deleted       Preinstalled.TOSHIBADesktopAssist   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95CCACF0-010D-45F0-82BF-858643D8BC02}
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Folder   C:\Program Files\TOSHIBA\TPHM
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TosWaitSrv
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TosWaitSrv
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
Deleted       Preinstalled.TOSHIBAPasswordUtility   Folder   C:\Program Files (x86)\TOSHIBA\PASSWORD UTILITY
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|TPUReg
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|TPUReg
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}
Deleted       Preinstalled.TOSHIBASystemSettings   Folder   C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TCrdMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TODDMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TSleepSrv
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TODDMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TSleepSrv
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0}
Deleted       Preinstalled.TOSHIBATEMPRO   Folder   C:\Program Files (x86)\TOSHIBA TEMPRO
Deleted       Preinstalled.TOSHIBATEMPRO   Registry   HKLM\Software\Classes\CLSID\{F1999956-6CC2-4912-990F-F3E26C88D250}
Deleted       Preinstalled.TOSHIBATEMPRO   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F76F5214-83A8-4030-80C9-1EF57391D72A}
Deleted       Preinstalled.TOSHIBAUtilities   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES
Deleted       Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES
Deleted       Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5103 octets] - [22/07/2021 11:22:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#6 Juliet

Posted 22 July 2021 - 05:47 AM

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think Avast antivirus is interfering with Farbar tools running so we can attempt to work through that.

Locate Farbar Recovery Scan Tool, right-click on it and select Delete.

We're going to attempt a new download and temporarily disable Avast to let it run.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
AVAST
Right-click on the avast! icon in system tray.
Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
Remember to activate it again after you download a new version of Farbar Recovery Tool and have scanned for 2 new logs.

If Windows Defender jumps in there to block it, click on Allow.



Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
  • (Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)
Also tell me how the computer is at the moment.

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#7 jensaxel

Posted 22 July 2021 - 07:59 AM

Hi

I couldn't find disable like you described it. What I did was enable passive mode. Seems like some parts are still missing.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by user (administrator) on CASH (TOSHIBA SATELLITE L850-1MP) (22-07-2021 15:46:01)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 8.1 (Update) (X64) Language: Spanish (Spain, International Sort) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> The OpenVPN Project) C:\Program Files\AVAST Software\SecureLine VPN\OpenVPN\openvpn.exe
(Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19991_none_fa0fb7959b4c8c91\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(SRS Labs, Inc. -> SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc. -> SRS Labs, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [123672 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) [File not signed]
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767688 2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: D - "D:\SetupVMB.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {28ac443b-d51f-11e8-be79-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {4dc8fd87-36a9-11e9-be88-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {7234bd49-5417-11eb-bf3a-20689dde5791} - "D:\SetupVMB.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6d9f5-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6da55-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6db6f-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9e69da68-9a19-11eb-8050-806e6f6e6963} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {f1b68522-c733-11e9-be96-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {fb9554ae-8d57-11ea-bec0-20689dde5791} - "D:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-07-08]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AD891A7-CA46-48A1-A111-CC7EA872C5F1} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe
Task: {24D77932-104A-4139-ACB0-B36870DD1464} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {38D7D090-AF57-4351-87AD-B19CA27163FA} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {410335D0-A642-4490-9CBE-7ED9ECAD8C99} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {48405723-F55C-43D3-95A2-D0AAB298763A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {530ED39C-1CFB-4E2E-885A-6748545F9836} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {577C5994-F0F7-4917-B18E-5F97C95B8B3B} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1199384 2021-07-07] (Avast Software s.r.o. -> AVAST Software)
Task: {70E582D5-9145-4FA9-B396-75BA09DF45CC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {76CE2FDE-B36C-4FB4-B597-54719FC45256} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {791B938B-9F9B-41C2-97F0-E3B89CCE2F72} - System32\Tasks\NCH Software\ExpressZipSevenDays => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe
Task: {7971E0A9-E52F-4EDE-8E38-DA97276C9E05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [697744 2019-07-25] (Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.)
Task: {852B9459-9F99-4054-B313-591A069CED2D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
Task: {9B5BDD76-725E-410C-8107-34A9F64814BE} - System32\Tasks\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [697744 2019-07-25] (Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.)
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AMD Updater" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Optimize Start Menu Cache Files-S-1-5-21-3096548613-1792463396-622639421-500" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Service Station" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{474AA12F-9F71-4F77-8AFE-47190BD7ED8D}" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {AE1ABAFE-A668-466A-A247-F98E2536C134} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4903192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
Task: {B6D4CBEE-12E5-4CF4-8FB3-85A74BB101C9} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6098200 2021-07-02] (Avast Software s.r.o. -> Avast Software)
Task: {B9C468A9-C420-41D4-92FC-148567F5DFDA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {C208BA4B-0975-4FEA-BC54-304B587FB900} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C35760E2-ECE9-46AD-8EEA-1EE063D277FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C76C110B-09D0-4B2F-88B7-EB454014B5DF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E4CC410C-9E3B-4D32-A23D-B8CCDA923EBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {F2647E32-FCF9-4510-95CD-DB21A7837878} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4755224 2021-07-07] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid bb8f92ff-a334-4dd1-bf2d-3cb9d177299e
Task: {F27F4D82-BFF7-48BE-A4CB-770761A8D1DB} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {F75A67FE-796E-449B-80CA-363F2DAE9968} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{18E4DFDC-04A3-4E40-907E-EDD714196A29}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4D531E49-F340-40EE-B258-49D80CA3493B}: [NameServer] 100.120.80.1
Tcpip\..\Interfaces\{863AF362-1F5D-4050-AEAE-4C0F18139CCE}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-26]

FireFox:
========
FF DefaultProfile: 32ja86do.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default [2021-07-22]
FF Homepage: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.google.com
FF Notifications: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.facebook.com
FF Extension: (Facebook Container) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\@contain-facebook.xpi [2021-05-07]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-07-10]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\wrc@avast.com.xpi [2020-04-17] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG -> Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3096548613-1792463396-622639421-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1381656 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] (HUAWEI Technologies Co., Ltd. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [8700696 2021-07-07] (Avast Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2018-10-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [X]
S3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [X]
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_hwusbdev; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [13952 2010-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys [98304 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [87040 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\drivers\ew_juextctrl.sys [28672 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2018-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2018-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2018-10-28] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 15:46 - 2021-07-22 15:47 - 000027242 _____ C:\Users\user\Downloads\FRST.txt
2021-07-22 15:44 - 2021-07-22 15:47 - 000000000 ____D C:\FRST
2021-07-22 15:44 - 2021-07-22 15:44 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-07-22 15:34 - 2021-07-22 15:35 - 000000000 ____D C:\Users\user\Desktop\EEK
2021-07-22 15:17 - 2021-07-22 15:17 - 000000000 ____D C:\ProgramData\Emsisoft
2021-07-22 15:13 - 2021-07-22 15:34 - 000000000 ____D C:\EEK
2021-07-22 14:38 - 2021-07-22 15:11 - 300881336 _____ C:\Users\user\Downloads\EmsisoftEmergencyKit.exe
2021-07-22 11:51 - 2021-07-22 11:51 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-07-22 11:51 - 2021-07-22 11:51 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-07-22 11:51 - 2021-07-22 11:51 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-07-22 11:49 - 2021-07-22 11:49 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-22 11:31 - 2021-07-22 11:31 - 000000000 ____D C:\Users\user\Desktop\AdwCleaner
2021-07-22 11:22 - 2021-07-22 11:26 - 000000000 ____D C:\AdwCleaner
2021-07-22 11:21 - 2021-07-22 11:21 - 008553680 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.3.0.exe
2021-07-22 11:20 - 2021-07-22 11:21 - 000000000 ____D C:\Users\user\Desktop\Malwarebytes
2021-07-22 11:16 - 2021-07-22 11:16 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-22 10:53 - 2021-07-22 10:53 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2021-07-22 10:52 - 2021-07-22 10:52 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2021-07-22 10:49 - 2021-07-22 11:16 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-22 10:46 - 2021-07-22 10:47 - 064333800 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2021-07-21 22:08 - 2021-07-22 14:40 - 000000000 ____D C:\Users\user\Desktop\FRST64
2021-07-21 21:41 - 2021-07-21 21:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-21 13:29 - 2021-07-21 21:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-09 10:58 - 2021-07-09 10:58 - 000000000 ____D C:\Users\user\Documents\Jessica
2021-07-04 13:09 - 2021-07-04 13:09 - 000388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis(2).exe
2021-06-30 22:52 - 2021-06-30 22:52 - 000216654 _____ C:\Users\user\Documents\Multa trafico june 21.odt
2021-06-29 11:11 - 2021-06-29 11:11 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-29 11:11 - 2021-06-29 11:11 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-29 10:32 - 2021-06-29 10:32 - 000437413 _____ C:\Users\user\Downloads\boarding-pass(1).pdf
2021-06-25 13:16 - 2021-06-25 10:28 - 000057127 _____ C:\Users\user\Documents\ATP blanket.pdf
2021-06-24 13:34 - 2021-06-24 13:34 - 000001254 _____ C:\Users\Public\Desktop\Ashampoo ZIP Free.lnk
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Skins
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Sfxs
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\lang
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Icons
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\HELP
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2021-06-24 13:29 - 2021-06-24 13:29 - 025913688 _____ (Ashampoo GmbH & Co. KG ) C:\Users\user\Downloads\ashampoo_zip_free_18811.exe
2021-06-23 09:33 - 2021-06-23 09:33 - 000000000 ____D C:\Users\user\Documents\Santander
2021-06-23 09:33 - 2021-03-08 14:24 - 000261303 _____ C:\Users\user\Documents\Keyboard.odt
2021-06-23 09:33 - 2021-03-08 14:13 - 000074293 _____ C:\Users\user\Documents\Pianos_keyboard_with_notes.svg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 14:40 - 2019-01-29 11:19 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-07-22 14:36 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-22 14:35 - 2019-11-26 17:04 - 000000000 ____D C:\Program Files\CCleaner
2021-07-22 14:35 - 2018-10-14 20:36 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-07-22 12:41 - 2018-06-05 15:23 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3096548613-1792463396-622639421-1001
2021-07-22 12:22 - 2019-03-19 17:19 - 000016537 _____ C:\Users\user\Documents\Ord.ods
2021-07-22 11:52 - 2019-05-27 17:04 - 000004168 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-22 11:49 - 2018-11-23 15:06 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-22 11:48 - 2021-04-08 17:36 - 000003938 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2021-07-22 11:48 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ____D C:\Program Files\TOSHIBA
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2021-07-22 11:21 - 2019-11-26 17:04 - 000003870 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-21 23:06 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2021-07-21 21:59 - 2018-10-14 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-21 21:56 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-07-21 21:54 - 2020-02-13 15:17 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2021-07-21 21:41 - 2018-10-14 20:36 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-21 12:48 - 2018-11-23 20:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-21 11:51 - 2018-11-23 15:12 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2021-07-19 13:58 - 2020-08-02 22:25 - 000020794 _____ C:\Users\user\Documents\A.odt
2021-07-18 15:54 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2021-07-14 13:02 - 2019-04-15 12:30 - 001515008 ___SH C:\Users\user\Desktop\Thumbs.db
2021-07-14 12:58 - 2013-08-22 16:44 - 000362968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-14 12:49 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-14 12:32 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-14 12:26 - 2018-10-19 13:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 12:20 - 2018-10-19 13:50 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-14 10:46 - 2018-12-17 11:05 - 000002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-10 12:12 - 2014-11-21 04:13 - 001822472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-10 12:12 - 2014-11-21 03:24 - 000805262 _____ C:\WINDOWS\system32\perfh00A.dat
2021-07-10 12:12 - 2014-11-21 03:24 - 000164164 _____ C:\WINDOWS\system32\perfc00A.dat
2021-07-09 10:59 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-07-04 13:08 - 2018-12-01 16:01 - 000000000 ____D C:\Users\user\Documents\MuseScore2
2021-07-04 13:01 - 2018-12-10 10:48 - 000198656 ___SH C:\Users\user\Documents\Thumbs.db
2021-07-02 11:12 - 2020-12-10 12:47 - 000036120 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-06-29 11:11 - 2020-10-22 10:07 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-29 11:11 - 2020-04-15 10:01 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-29 11:11 - 2019-01-14 21:53 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-25 15:03 - 2020-06-27 16:01 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2021-06-25 13:25 - 2020-04-29 16:03 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2021-06-24 15:47 - 2018-10-31 23:54 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-06-24 13:30 - 2018-10-31 23:54 - 000000000 ____D C:\ProgramData\NCH Software
2021-06-24 13:25 - 2018-10-31 23:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-07-22 12:41
==================== End of FRST.txt ========================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by user (22-07-2021 15:48:27)
Running from C:\Users\user\Downloads
Windows 8.1 (Update) (X64) (2018-10-28 17:37:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3096548613-1792463396-622639421-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3096548613-1792463396-622639421-1005 - Limited - Enabled)
Invitado (S-1-5-21-3096548613-1792463396-622639421-501 - Limited - Disabled)
user (S-1-5-21-3096548613-1792463396-622639421-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo ZIP Free (HKLM-x32\...\{0A11EA01-5173-F4C2-0973-35C932D5C674}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Nombre de su organización)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.12.5611.2566 - Avast Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Català (HKLM-x32\...\{95140000-00FF-0403-0000-0000000FF1CE}) (Version: 14.0.4763.1020 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Euskara (HKLM-x32\...\{95140000-00FF-042D-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Galego (HKLM-x32\...\{95140000-00FF-0456-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 90.0.1 (x64 en-GB)) (Version: 90.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MuseScore 2 (HKLM-x32\...\{7D01160E-D30F-4E88-8872-4A0A0A782E2E}) (Version: 2.3.2 - Werner Schweer and Others)
MuseScore 3 (HKLM\...\{3316B71D-89FC-4EB1-95CA-8111C38A3182}) (Version: 3.2.3.7635 - Werner Schweer and Others)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Signal 1.39.6 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.39.6 - Open Whisper Systems)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Spotify) (Version: 1.1.61.583.gad060c66 - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.45 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Telegram Desktop version 2.7.1 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B75F194E-4C55-4D80-86C8-7FFB29B29984}) (Version: 4.1.3.0 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.13000 - Nero AG) Hidden
Zoom (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2018-10-30] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2018-10-30] (Amazon.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2018-10-30] (eBay, Inc)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15133.0_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-10-30] (McAfee_Incorporated)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2018-11-08] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_2.2.38.0_x64__3s2an63h56yee [2018-10-30] (Ennova Research)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2018-10-30] (Skype) [MS Ad]
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.1.1.33_x64__679ekb9hp1h62 [2018-10-30] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-19 22:36 - 2009-06-22 20:42 - 000043008 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2018-12-19 22:36 - 2009-01-10 12:32 - 000011362 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2018-12-19 22:36 - 2010-05-14 11:57 - 002415104 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2018-12-19 22:36 - 2010-02-10 16:10 - 001148416 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2018-12-19 22:36 - 2010-02-10 16:06 - 000398336 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2018-12-19 22:36 - 2011-12-23 09:52 - 000843264 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2015-11-18 01:52 - 2015-11-18 01:52 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiamenu.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000042496 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDesktopEventCaptor.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000052224 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000014336 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIPlaceFileEntity.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-01-04 15:56 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\IMG-20200209-WA0006.jpg
DNS Servers: 100.120.80.1 - 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C679CB5-3558-4A8D-8081-750A8FD43249}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37C2FD65-1F08-40D3-BFA9-8FFC5A2C2310}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAACE44F-886A-4241-9273-68BD0E1F4F2E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{A8EFDF76-5248-4AB8-B8B7-7A33B87AF729}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{7785BDB2-B291-45C1-857B-F89663190D7B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DF3E4BD8-62B1-45A0-825B-CBD068764393}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{71197E4E-D1A8-4812-A2CB-D23C4D320C3B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{ADF09BE7-03C1-43B5-974E-0EB9E12AD964}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69A41315-40CD-4BB4-8089-95A662F4205E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B599EF3-EA6A-46DE-A8F6-0E35522F927D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
FirewallRules: [{75EBEEB2-269E-45F9-BD9D-E27C0AA45ED0}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{43BD1648-8F87-4ECB-A772-930285571572}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0A7AC39-AED3-4C9F-8774-87228E280320}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97925B05-C725-4971-898F-D3E7104B7DB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3881C86B-5763-4DAF-9316-3BEF4AEDB133}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53658A34-50DA-4A25-90C0-AB2D981251D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45BB39A7-772C-4F04-B0A1-B97DE8F0AB90}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A35365A-69CC-4EEB-8C55-790276E51668}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

21-07-2021 21:46:00 Restore Point Created by FRST
21-07-2021 21:53:08 Restore Point Created by FRST
22-07-2021 11:25:09 AdwCleaner_BeforeCleaning_22/07/2021_11:25:08

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2021 02:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1f34
Faulting application start time: 0x01d77ef5f9b9997f
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: ebce8164-eae9-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 11:55:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x160c
Faulting application start time: 0x01d77edefea400f8
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: f6e859be-ead2-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 11:52:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1840, time stamp: 0x5d5c13ae
Faulting module name: KERNELBASE.dll, version: 6.3.9600.20065, time stamp: 0x60caca5d
Exception code: 0xc0000142
Fault offset: 0x0009d322
Faulting process ID: 0x1208
Faulting application start time: 0x01d77edf35838459
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: KERNELBASE.dll
Report ID: 7b811f91-ead2-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 10:45:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x21b0
Faulting application start time: 0x01d77ed53045b0f0
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 21dcc7f1-eac9-11eb-8131-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 10:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x164c
Faulting application start time: 0x01d77e6b43dc2062
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 35b57c5b-ea5f-11eb-8131-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 10:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SMG4FDE.tmp version 8.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d8

Start Time: 01d77e6bbf926e7d

Termination Time: 46

Application Path: C:\Users\user\AppData\Local\Temp\SMG4FDE.tmp\SMG4FDE.tmp

Report Id: 15b9fe58-ea5f-11eb-8131-20689dde5791

Faulting package full name:

Faulting package-relative application ID:

Error: (07/21/2021 09:45:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Acceso denegado.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operación:
Recopilando datos del escritor

Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70397eea-1cc6-4c9d-9736-5935b4a06757}

Error: (07/21/2021 09:45:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1c94
Faulting application start time: 0x01d77e683e7035d6
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 30623356-ea5c-11eb-8130-20689dde5791
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/22/2021 03:32:14 PM) (Source: DCOM) (EventID: 10010) (User: cash)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (07/22/2021 02:53:59 PM) (Source: DCOM) (EventID: 10010) (User: cash)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (07/22/2021 12:41:35 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

Error: (07/22/2021 11:51:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2021 11:49:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Administrador de configuración de dispositivos service did not respond on starting.

Error: (07/22/2021 11:48:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/22/2021 11:48:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (07/22/2021 11:48:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The GFNEX Service service depends on the PEGAGFN service which failed to start because of the following error:
The system cannot find the path specified.


==================== Memory info ===========================

BIOS: Insyde Corp. 6.10 09/24/2012
Motherboard: Intel PLCSF8
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4047.22 MB
Available physical RAM: 1781.78 MB
Total Virtual: 5263.22 MB
Available Virtual: 2061.88 MB

==================== Drives ================================

Drive c: (TI30982400B) (Fixed) (Total:455.7 GB) (Free:356.78 GB) NTFS

\\?\Volume{606b5995-fde3-11e1-9d90-c6ea722139c3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{2db8cd36-e82e-488b-a335-1be4ef20498f}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{11bd8423-1c76-4af8-bf8a-6c057748f438}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{57ecd512-5b4a-40e4-9f14-b01a0ddabfde}\ (Recovery) (Fixed) (Total:8.46 GB) (Free:0.65 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13D313D3)

Partition: GPT.

==================== End of Addition.txt =======================

#8 jensaxel

Posted 22 July 2021 - 08:27 AM

Hi again

Sorry - ignore the last post. I found where to disable Avast. Here are the new files:

frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by user (administrator) on CASH (TOSHIBA SATELLITE L850-1MP) (22-07-2021 16:18:17)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 8.1 (Update) (X64) Language: Spanish (Spain, International Sort) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> The OpenVPN Project) C:\Program Files\AVAST Software\SecureLine VPN\OpenVPN\openvpn.exe
(Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(HUAWEI Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19991_none_fa0fb7959b4c8c91\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(SRS Labs, Inc. -> SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc. -> SRS Labs, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [123672 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) [File not signed]
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767688 2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: D - "D:\SetupVMB.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {28ac443b-d51f-11e8-be79-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {4dc8fd87-36a9-11e9-be88-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {7234bd49-5417-11eb-bf3a-20689dde5791} - "D:\SetupVMB.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6d9f5-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6da55-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9bb6db6f-fe44-11e8-be80-20689dde5791} - "D:\AutoRun.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {9e69da68-9a19-11eb-8050-806e6f6e6963} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {f1b68522-c733-11e9-be96-20689dde5791} - "D:\INSTALL_ADB_RNDIS\install.exe"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\MountPoints2: {fb9554ae-8d57-11ea-bec0-20689dde5791} - "D:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-07-08]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AD891A7-CA46-48A1-A111-CC7EA872C5F1} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe
Task: {24D77932-104A-4139-ACB0-B36870DD1464} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {38D7D090-AF57-4351-87AD-B19CA27163FA} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {410335D0-A642-4490-9CBE-7ED9ECAD8C99} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {48405723-F55C-43D3-95A2-D0AAB298763A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {530ED39C-1CFB-4E2E-885A-6748545F9836} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {70E582D5-9145-4FA9-B396-75BA09DF45CC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {76CE2FDE-B36C-4FB4-B597-54719FC45256} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {791B938B-9F9B-41C2-97F0-E3B89CCE2F72} - System32\Tasks\NCH Software\ExpressZipSevenDays => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe
Task: {7971E0A9-E52F-4EDE-8E38-DA97276C9E05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [697744 2019-07-25] (Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.)
Task: {852B9459-9F99-4054-B313-591A069CED2D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
Task: {9B5BDD76-725E-410C-8107-34A9F64814BE} - System32\Tasks\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [697744 2019-07-25] (Dynabook Inc. -> Toshiba Client Solutions Co., Ltd.)
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AMD Updater" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Optimize Start Menu Cache Files-S-1-5-21-3096548613-1792463396-622639421-500" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Service Station" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{474AA12F-9F71-4F77-8AFE-47190BD7ED8D}" /ENABLE
Task: {9F987563-C5F7-4732-88FA-A90FECD22718} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {AE1ABAFE-A668-466A-A247-F98E2536C134} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4903192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
Task: {B6D4CBEE-12E5-4CF4-8FB3-85A74BB101C9} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6098200 2021-07-02] (Avast Software s.r.o. -> Avast Software)
Task: {B9C468A9-C420-41D4-92FC-148567F5DFDA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {C208BA4B-0975-4FEA-BC54-304B587FB900} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C35760E2-ECE9-46AD-8EEA-1EE063D277FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C575F244-A608-4B80-8DD6-8649726EBDB7} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1199384 2021-07-07] (Avast Software s.r.o. -> AVAST Software)
Task: {C76C110B-09D0-4B2F-88B7-EB454014B5DF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E4CC410C-9E3B-4D32-A23D-B8CCDA923EBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {F2647E32-FCF9-4510-95CD-DB21A7837878} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4755224 2021-07-07] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid bb8f92ff-a334-4dd1-bf2d-3cb9d177299e
Task: {F27F4D82-BFF7-48BE-A4CB-770761A8D1DB} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {F75A67FE-796E-449B-80CA-363F2DAE9968} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{18E4DFDC-04A3-4E40-907E-EDD714196A29}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4D531E49-F340-40EE-B258-49D80CA3493B}: [NameServer] 100.120.80.1
Tcpip\..\Interfaces\{863AF362-1F5D-4050-AEAE-4C0F18139CCE}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-26]

FireFox:
========
FF DefaultProfile: 32ja86do.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default [2021-07-22]
FF Homepage: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.google.com
FF Notifications: Mozilla\Firefox\Profiles\32ja86do.default -> hxxps://www.facebook.com
FF Extension: (Facebook Container) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\@contain-facebook.xpi [2021-05-07]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-07-10]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32ja86do.default\Extensions\wrc@avast.com.xpi [2020-04-17] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG -> Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3096548613-1792463396-622639421-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1381656 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] (HUAWEI Technologies Co., Ltd. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [8700696 2021-07-07] (Avast Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2018-10-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [X]
S3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [X]
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_hwusbdev; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [13952 2010-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys [98304 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [87040 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\drivers\ew_juextctrl.sys [28672 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2021-07-22] (Malwarebytes Corporation -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2018-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2018-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2018-10-28] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 16:16 - 2021-07-22 16:16 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64(1).exe
2021-07-22 16:08 - 2021-07-22 16:08 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-07-22 16:07 - 2021-07-22 16:07 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-07-22 16:07 - 2021-07-22 16:07 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-07-22 16:06 - 2021-07-22 16:06 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-22 15:48 - 2021-07-22 16:00 - 000032233 _____ C:\Users\user\Downloads\Addition.txt
2021-07-22 15:46 - 2021-07-22 16:20 - 000027254 _____ C:\Users\user\Downloads\FRST.txt
2021-07-22 15:44 - 2021-07-22 16:19 - 000000000 ____D C:\FRST
2021-07-22 15:44 - 2021-07-22 15:44 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-07-22 15:34 - 2021-07-22 15:35 - 000000000 ____D C:\Users\user\Desktop\EEK
2021-07-22 15:17 - 2021-07-22 15:17 - 000000000 ____D C:\ProgramData\Emsisoft
2021-07-22 15:13 - 2021-07-22 15:34 - 000000000 ____D C:\EEK
2021-07-22 14:38 - 2021-07-22 15:11 - 300881336 _____ C:\Users\user\Downloads\EmsisoftEmergencyKit.exe
2021-07-22 11:31 - 2021-07-22 11:31 - 000000000 ____D C:\Users\user\Desktop\AdwCleaner
2021-07-22 11:22 - 2021-07-22 11:26 - 000000000 ____D C:\AdwCleaner
2021-07-22 11:21 - 2021-07-22 11:21 - 008553680 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.3.0.exe
2021-07-22 11:20 - 2021-07-22 11:21 - 000000000 ____D C:\Users\user\Desktop\Malwarebytes
2021-07-22 11:16 - 2021-07-22 11:16 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-22 10:53 - 2021-07-22 10:53 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2021-07-22 10:52 - 2021-07-22 10:52 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2021-07-22 10:49 - 2021-07-22 11:16 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-22 10:49 - 2021-07-22 10:49 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-22 10:46 - 2021-07-22 10:47 - 064333800 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2021-07-21 21:41 - 2021-07-21 21:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-21 13:29 - 2021-07-21 21:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-09 10:58 - 2021-07-09 10:58 - 000000000 ____D C:\Users\user\Documents\Jessica
2021-07-04 13:09 - 2021-07-04 13:09 - 000388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis(2).exe
2021-06-30 22:52 - 2021-06-30 22:52 - 000216654 _____ C:\Users\user\Documents\Multa trafico june 21.odt
2021-06-29 11:11 - 2021-06-29 11:11 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-29 11:11 - 2021-06-29 11:11 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-29 10:32 - 2021-06-29 10:32 - 000437413 _____ C:\Users\user\Downloads\boarding-pass(1).pdf
2021-06-25 13:16 - 2021-06-25 10:28 - 000057127 _____ C:\Users\user\Documents\ATP blanket.pdf
2021-06-24 13:34 - 2021-06-24 13:34 - 000001254 _____ C:\Users\Public\Desktop\Ashampoo ZIP Free.lnk
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Skins
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Sfxs
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\lang
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Icons
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\WINDOWS\SysWOW64\HELP
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\ProgramData\Ashampoo
2021-06-24 13:34 - 2021-06-24 13:34 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2021-06-24 13:29 - 2021-06-24 13:29 - 025913688 _____ (Ashampoo GmbH & Co. KG ) C:\Users\user\Downloads\ashampoo_zip_free_18811.exe
2021-06-23 09:33 - 2021-06-23 09:33 - 000000000 ____D C:\Users\user\Documents\Santander
2021-06-23 09:33 - 2021-03-08 14:24 - 000261303 _____ C:\Users\user\Documents\Keyboard.odt
2021-06-23 09:33 - 2021-03-08 14:13 - 000074293 _____ C:\Users\user\Documents\Pianos_keyboard_with_notes.svg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 16:13 - 2019-01-29 11:19 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-07-22 16:10 - 2019-11-26 17:04 - 000000000 ____D C:\Program Files\CCleaner
2021-07-22 16:07 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-22 16:06 - 2021-04-08 17:36 - 000003938 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2021-07-22 16:06 - 2018-11-23 15:06 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-22 16:06 - 2018-10-14 20:36 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-07-22 16:05 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-22 12:41 - 2018-06-05 15:23 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3096548613-1792463396-622639421-1001
2021-07-22 12:22 - 2019-03-19 17:19 - 000016537 _____ C:\Users\user\Documents\Ord.ods
2021-07-22 11:52 - 2019-05-27 17:04 - 000004168 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ____D C:\Program Files\TOSHIBA
2021-07-22 11:26 - 2012-08-28 02:15 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2021-07-22 11:21 - 2019-11-26 17:04 - 000003870 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-21 23:06 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2021-07-21 21:59 - 2018-10-14 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-21 21:56 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-07-21 21:54 - 2020-02-13 15:17 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2021-07-21 21:41 - 2018-10-14 20:36 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-21 12:48 - 2018-11-23 20:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-21 11:51 - 2018-11-23 15:12 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2021-07-19 13:58 - 2020-08-02 22:25 - 000020794 _____ C:\Users\user\Documents\A.odt
2021-07-18 15:54 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2021-07-14 13:02 - 2019-04-15 12:30 - 001515008 ___SH C:\Users\user\Desktop\Thumbs.db
2021-07-14 12:58 - 2013-08-22 16:44 - 000362968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-14 12:49 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-14 12:32 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-14 12:26 - 2018-10-19 13:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 12:20 - 2018-10-19 13:50 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-14 10:46 - 2018-12-17 11:05 - 000002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-10 12:12 - 2014-11-21 04:13 - 001822472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-10 12:12 - 2014-11-21 03:24 - 000805262 _____ C:\WINDOWS\system32\perfh00A.dat
2021-07-10 12:12 - 2014-11-21 03:24 - 000164164 _____ C:\WINDOWS\system32\perfc00A.dat
2021-07-09 10:59 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-07-04 13:08 - 2018-12-01 16:01 - 000000000 ____D C:\Users\user\Documents\MuseScore2
2021-07-04 13:01 - 2018-12-10 10:48 - 000198656 ___SH C:\Users\user\Documents\Thumbs.db
2021-07-02 11:12 - 2020-12-10 12:47 - 000036120 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-06-29 11:11 - 2020-10-22 10:07 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-29 11:11 - 2020-04-15 10:01 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-29 11:11 - 2019-01-14 21:53 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-29 11:11 - 2019-01-10 18:05 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-29 11:11 - 2018-11-23 15:10 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-25 15:03 - 2020-06-27 16:01 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2021-06-25 13:25 - 2020-04-29 16:03 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2021-06-24 15:47 - 2018-10-31 23:54 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-06-24 13:30 - 2018-10-31 23:54 - 000000000 ____D C:\ProgramData\NCH Software
2021-06-24 13:25 - 2018-10-31 23:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-07-22 12:41
==================== End of FRST.txt ========================

- and addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by user (22-07-2021 16:21:07)
Running from C:\Users\user\Downloads
Windows 8.1 (Update) (X64) (2018-10-28 17:37:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3096548613-1792463396-622639421-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3096548613-1792463396-622639421-1005 - Limited - Enabled)
Invitado (S-1-5-21-3096548613-1792463396-622639421-501 - Limited - Disabled)
user (S-1-5-21-3096548613-1792463396-622639421-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo ZIP Free (HKLM-x32\...\{0A11EA01-5173-F4C2-0973-35C932D5C674}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Nombre de su organización)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.12.5611.2566 - Avast Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Català (HKLM-x32\...\{95140000-00FF-0403-0000-0000000FF1CE}) (Version: 14.0.4763.1020 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Euskara (HKLM-x32\...\{95140000-00FF-042D-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Galego (HKLM-x32\...\{95140000-00FF-0456-0000-0000000FF1CE}) (Version: 14.0.4763.1028 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 90.0.1 (x64 en-GB)) (Version: 90.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MuseScore 2 (HKLM-x32\...\{7D01160E-D30F-4E88-8872-4A0A0A782E2E}) (Version: 2.3.2 - Werner Schweer and Others)
MuseScore 3 (HKLM\...\{3316B71D-89FC-4EB1-95CA-8111C38A3182}) (Version: 3.2.3.7635 - Werner Schweer and Others)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Signal 1.39.6 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.39.6 - Open Whisper Systems)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\Spotify) (Version: 1.1.61.583.gad060c66 - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.45 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Telegram Desktop version 2.7.1 (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B75F194E-4C55-4D80-86C8-7FFB29B29984}) (Version: 4.1.3.0 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.13000 - Nero AG) Hidden
Zoom (HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2018-10-30] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2018-10-30] (Amazon.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2018-10-30] (eBay, Inc)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15133.0_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-10-30] (McAfee_Incorporated)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-10-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2018-11-08] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_2.2.38.0_x64__3s2an63h56yee [2018-10-30] (Ennova Research)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2018-10-30] (Evernote)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2018-10-30] (Skype) [MS Ad]
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.1.1.33_x64__679ekb9hp1h62 [2018-10-30] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2018-10-30] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3096548613-1792463396-622639421-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2021-04-06] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-19 22:36 - 2009-06-22 20:42 - 000043008 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2018-12-19 22:36 - 2009-01-10 12:32 - 000011362 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2018-12-19 22:36 - 2010-05-14 11:57 - 002415104 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2018-12-19 22:36 - 2010-02-10 16:10 - 001148416 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2018-12-19 22:36 - 2010-02-10 16:06 - 000398336 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2018-12-19 22:36 - 2011-12-23 09:52 - 000843264 _____ () [File not signed] C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000042496 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDesktopEventCaptor.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000052224 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000014336 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIPlaceFileEntity.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-01-04 15:56 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\IMG-20200209-WA0006.jpg
DNS Servers: 100.120.80.1 - 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3096548613-1792463396-622639421-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C679CB5-3558-4A8D-8081-750A8FD43249}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37C2FD65-1F08-40D3-BFA9-8FFC5A2C2310}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAACE44F-886A-4241-9273-68BD0E1F4F2E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{A8EFDF76-5248-4AB8-B8B7-7A33B87AF729}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{7785BDB2-B291-45C1-857B-F89663190D7B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DF3E4BD8-62B1-45A0-825B-CBD068764393}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{71197E4E-D1A8-4812-A2CB-D23C4D320C3B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{ADF09BE7-03C1-43B5-974E-0EB9E12AD964}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69A41315-40CD-4BB4-8089-95A662F4205E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B599EF3-EA6A-46DE-A8F6-0E35522F927D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
FirewallRules: [{75EBEEB2-269E-45F9-BD9D-E27C0AA45ED0}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{43BD1648-8F87-4ECB-A772-930285571572}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0A7AC39-AED3-4C9F-8774-87228E280320}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97925B05-C725-4971-898F-D3E7104B7DB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3881C86B-5763-4DAF-9316-3BEF4AEDB133}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53658A34-50DA-4A25-90C0-AB2D981251D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45BB39A7-772C-4F04-B0A1-B97DE8F0AB90}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A35365A-69CC-4EEB-8C55-790276E51668}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

21-07-2021 21:46:00 Restore Point Created by FRST
21-07-2021 21:53:08 Restore Point Created by FRST
22-07-2021 11:25:09 AdwCleaner_BeforeCleaning_22/07/2021_11:25:08

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2021 04:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1494
Faulting application start time: 0x01d77f02fe675277
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: f74183fe-eaf6-11eb-8133-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 02:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1f34
Faulting application start time: 0x01d77ef5f9b9997f
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: ebce8164-eae9-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 11:55:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x160c
Faulting application start time: 0x01d77edefea400f8
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: f6e859be-ead2-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 11:52:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1840, time stamp: 0x5d5c13ae
Faulting module name: KERNELBASE.dll, version: 6.3.9600.20065, time stamp: 0x60caca5d
Exception code: 0xc0000142
Fault offset: 0x0009d322
Faulting process ID: 0x1208
Faulting application start time: 0x01d77edf35838459
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: KERNELBASE.dll
Report ID: 7b811f91-ead2-11eb-8132-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2021 10:45:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x21b0
Faulting application start time: 0x01d77ed53045b0f0
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 21dcc7f1-eac9-11eb-8131-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 10:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b595
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x164c
Faulting application start time: 0x01d77e6b43dc2062
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report ID: 35b57c5b-ea5f-11eb-8131-20689dde5791
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 10:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SMG4FDE.tmp version 8.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d8

Start Time: 01d77e6bbf926e7d

Termination Time: 46

Application Path: C:\Users\user\AppData\Local\Temp\SMG4FDE.tmp\SMG4FDE.tmp

Report Id: 15b9fe58-ea5f-11eb-8131-20689dde5791

Faulting package full name:

Faulting package-relative application ID:

Error: (07/21/2021 09:45:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Acceso denegado.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {70397eea-1cc6-4c9d-9736-5935b4a06757}


System errors:
=============
Error: (07/22/2021 04:08:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2021 04:07:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (07/22/2021 04:07:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Administrador de configuración de dispositivos service did not respond on starting.

Error: (07/22/2021 04:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/22/2021 04:05:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (07/22/2021 04:05:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The GFNEX Service service depends on the PEGAGFN service which failed to start because of the following error:
The system cannot find the path specified.

Error: (07/22/2021 04:05:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PEGAGFN service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/22/2021 04:04:39 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.


==================== Memory info ===========================

BIOS: Insyde Corp. 6.10 09/24/2012
Motherboard: Intel PLCSF8
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 4047.22 MB
Available physical RAM: 1612.98 MB
Total Virtual: 5135.22 MB
Available Virtual: 2358.13 MB

==================== Drives ================================

Drive c: (TI30982400B) (Fixed) (Total:455.7 GB) (Free:356.97 GB) NTFS

\\?\Volume{606b5995-fde3-11e1-9d90-c6ea722139c3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{2db8cd36-e82e-488b-a335-1be4ef20498f}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{11bd8423-1c76-4af8-bf8a-6c057748f438}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{57ecd512-5b4a-40e4-9f14-b01a0ddabfde}\ (Recovery) (Fixed) (Total:8.46 GB) (Free:0.65 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13D313D3)

Partition: GPT.

==================== End of Addition.txt =======================



#9 jensaxel

Posted 22 July 2021 - 08:48 AM

Computer's running better now - internet better, though not totally up to normal.



#10 Juliet

Posted 22 July 2021 - 04:35 PM

I think Avast antivirus is bogging down your computer.

Disable Avast again and let's try to run the online scanner now.

While it's downloading and scanning your computer, do not do any web surfing, watch YouTube or listen to online music.
The computer needs to be still and allow this scanner to run. This can take anywhere from a few hours to several, depending on how much you have on your computer.


Please download Emsisoft Emergency Kit and save it to your desktop.

  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17


#11 jensaxel

Posted 22 July 2021 - 04:52 PM

All right - I'm not sure what you want me to do. I ran Farbar with Avast disabled. Do you want me to run EEK again with Avast disabled?



#12 Juliet

Posted 22 July 2021 - 05:17 PM

Yes, please. That's why I don't want you to do anything on the computer while it's downloading and scanning. Afterwards, re-enable Avast.

#13 jensaxel

Posted 23 July 2021 - 04:32 AM

Hi so here goes

 

Emsisoft Emergency Kit - Version 2021.4
Last update: N/A
My own cash\user
 CASH
 Windows 8.1x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
Direct disk access: OFF

Scan start:    23/07/2021 12:16:44

Scanned    91878
Found    0

Scan end:    23/07/2021 12:26:25
Scan time:    0:09:41

By the way, I don't find smart scan. I see 3 options: Quick scan, Malware scan and Custom scan. I have run the Malware Scan.

 

Jens



#14 Juliet

Posted 23 July 2021 - 05:48 AM

You did good.

You may need to temporarily disable Avast once more to run the script below; remember to enable it when finished.

 

********************************************************************************************
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
Task: {F27F4D82-BFF7-48BE-A4CB-770761A8D1DB} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

EmptyTemp:
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

How's the computer now?



#15 jensaxel

Posted 24 July 2021 - 03:54 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by user (24-07-2021 11:30:31) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
Task: {F27F4D82-BFF7-48BE-A4CB-770761A8D1DB} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B731508-7E9D-439B-914B-3F7D0A97EBB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA7217B9-BA54-4B7C-8E89-7EA9D98875E7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F27F4D82-BFF7-48BE-A4CB-770761A8D1DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27F4D82-BFF7-48BE-A4CB-770761A8D1DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11869519 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 211930058 B
Edge => 0 B
Firefox => 543314177 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 37172 B
NetworkService => 37172 B
user => 37636855 B

RecycleBin => 1150824738 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:34:03 ====

 

 

It is running much better now

 

Jens
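
Added example, not part of the original thread and not FRST's own code: a Python sketch that picks out the firewall rules an Addition.txt marks "=> No File" (the entries the fixlist in post #14 targets) and then checks the Fixlog in post #15 for the outcome of each. The sample text is constructed from lines shown in this thread (abridged), and all function names are assumptions.

```python
import re

# Constructed sample: FirewallRules lines as they appear in the Addition.txt above (abridged).
SAMPLE_ADDITION = r'''
FirewallRules: [{2C679CB5-3558-4A8D-8081-750A8FD43249}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{71197E4E-D1A8-4812-A2CB-D23C4D320C3B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
'''

# Constructed sample: Fixlog.txt excerpt built from the log in post #15 (abridged).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FirewallRules: [{2B731508-7E9D-439B-914B-3F7D0A97EBB0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B731508-7E9D-439B-914B-3F7D0A97EBB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22165F7C-1F5D-4AA9-8ED2-4DC00AD08F76}" => removed successfully
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION" => not found
HKLM\SOFTWARE\Policies\Google => removed successfully

=========== EmptyTemp: ==========
'''

FW_RULE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$", re.M)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = " => No File"


def orphaned_rules(addition_text):
    """Return (guid, action, path) for rules whose target is marked '=> No File'."""
    found = []
    for m in FW_RULE.finditer(addition_text):
        target = m.group("target").rstrip()
        guid = GUID.search(m.group("name"))
        if guid and target.endswith(NO_FILE):
            found.append((guid.group(0), m.group("action"), target[:-len(NO_FILE)]))
    return found


def parse_fixlog(text):
    """Split a Fixlog into (fixlist directives, {target: outcome})."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist block delimited by asterisk lines")
    directives = [ln.strip() for ln in parts[1].splitlines() if ln.strip()]
    body = parts[2].split("=========== EmptyTemp", 1)[0]
    outcomes = {}
    for line in body.splitlines():
        # Result lines read '<target> => <status>'; split on the last ' => '.
        target, sep, status = line.rpartition(" => ")
        if sep:
            outcomes[target.strip()] = status.strip()
    return directives, outcomes


def verify_removed(guids, outcomes):
    """Map each rule GUID to the outcome logged for it, or 'no result line'."""
    return {g: next((s for t, s in outcomes.items() if g in t), "no result line")
            for g in guids}


def not_removed(outcomes):
    """Targets whose logged outcome is anything other than 'removed successfully'."""
    return [t for t, s in outcomes.items() if s != "removed successfully"]


if __name__ == "__main__":
    orphans = orphaned_rules(SAMPLE_ADDITION)
    _, outcomes = parse_fixlog(SAMPLE_FIXLOG)
    for guid, status in verify_removed([o[0] for o in orphans], outcomes).items():
        print(guid, "->", status)
    for target in not_removed(outcomes):
        print("needs follow-up:", target)
```

Run against the Fixlog above, the only entry that does not report "removed successfully" is the McAfee Idle Detection Task line, which FRST logged as "not found".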

