Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Is my laptop hacked?

Re: Is my laptop hacked?

Post by rbd » August 29th, 2019, 5:38 pm

Oh, and regarding the extensions... whenever it's time to reinstall them, I can reinstall NoScript, but for the other ones I have no idea how to get them back (particularly the one from Avast, as I think it comes directly from the AV program).
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Post by rbd » August 29th, 2019, 8:34 pm

Hi mAL,

I've been playing around. I don't know what got me to try it, but I just happened to find out that if I do Shift+Delete (instead of Delete only, as I used to do before) I can delete websites from the history directly from the address bar. Weird!
Out of pure luck!!! :D

Now that this issue is solved, can you please help me with reinstating all my add-ons and extensions, then continue with my original request to check whether my laptop is ok or has any evidence of messing about.

Thanks.

rbd

Re: Is my laptop hacked?

Post by rbd » August 31st, 2019, 3:50 pm

Can someone from the forum please help.

My helper mAL has been helpful so far and I appreciate he might be busy with other things. It's a forum run on a volunteer basis, and people may have important commitments or emergencies happening in their life. We're all human beings after all. I totally understand this. I am very thankful for the existence of this forum and the help received so far.
I would just like to have Firefox restored with all the extensions/add-ons back please (if it is now the time to restore them). And if possible, complete the check on my laptop and router to see if everything is fine, as per my initial post. I haven't been able to do much in the last 3 days, so if some other forum helper could help out, it would be really useful.

I'm sorry to have to ask for this.

Thank you so much in advance,
rbd

Re: Is my laptop hacked?

Post by mAL_rEm018 » August 31st, 2019, 3:54 pm

Hi rbd,

I will post my instructions within the hour. I sincerely apologize for any inconvenience my being slow in replying may have caused you.

Regards,
mAL
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Post by rbd » August 31st, 2019, 4:04 pm

Hi mAL,

No problem. Thank you again for your help.

rbd

Re: Is my laptop hacked?

Post by mAL_rEm018 » August 31st, 2019, 4:09 pm

Hi rbd,

I would like to see a fresh set of FRST logs. It will give me a good idea of which Firefox extensions we need to reinstall, as some of them may have been installed automatically. At the same time I will check again for any signs of "modification", but I haven't seen any so far.

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over, two windows will open: FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see:
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Re: Is my laptop hacked?

Post by rbd » August 31st, 2019, 4:39 pm

Hi mAL

Here are the posts.

FRST post:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by Administrator1 (administrator) on TOSHIBA (TOSHIBA SATELLITE PRO C50-A-1KH) (31-08-2019 21:30:29)
Running from C:\Users\Administrator1\Desktop
Loaded Profiles: Administrator1 (Available Profiles: Administrator1 & Pietro & Rahil & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2013-10-11] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-06-01] (DTS, Inc. -> DTS, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [vidc.H264] => C:\Windows\SysWOW64\TH264Codec.dll [356352 2012-11-12] (TDP5) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP43] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTA] => C:\Windows\SysWOW64\TVTACodec.dll [90112 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTX] => C:\Windows\SysWOW64\TVTXTDEC.DLL [282624 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\XVIDVFW.DLL [114688 2012-11-12] (tvt) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2019-07-15]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073279F4-799C-4F07-96EE-2BE10C720FAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {090B8C91-D5C6-48DE-A9EC-F6A1D3B8955C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {146333AA-166F-4CBE-956A-BDF9B888674D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {2FE6EA4F-8EF6-4454-AD92-F7121A71B652} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {3C37FED5-BE30-462C-91A0-8984D3E48477} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {417E333C-16B5-4A70-8AA4-8B373A654AE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {4807DA5E-23F6-494E-9DC9-53F288DB48A0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {499CB95E-D5F8-4106-88E7-E48B898D322F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1569912 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AF96650-A8E5-4460-9181-4F46AF77A17E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BBFE095-9051-4C2A-B878-762E9D8E2F06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E05F8A2-7A76-46C9-A643-561B50E681F3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-17] (Adobe Inc. -> Adobe)
Task: {5EC73ED3-350E-490E-BA00-D5048E923C2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2136B53-4922-464B-8841-BCF9E8475611} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-17] (Adobe Inc. -> Adobe)
Task: {B52D0FF5-BF38-45F2-B2C9-D2990C72BC37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B6A1C5CB-B095-48A6-B1F5-2D4FDD7059EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C58BD3E8-91DF-49D8-B29B-F5C6612F576A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE6EAAA2-FB84-41D9-9DD6-815F64C0F9CD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{78BDAA79-C3A1-4667-8655-49D6221C5566}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-21-2246960787-3754121387-607372831-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.0.220/WebClient.exe
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF DefaultProfile: d38hhm6w.default-1566943191455
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\jv6yb4nm.default-release-1567124582797 [2019-08-31]
FF DownloadDir: C:\Users\Administrator1\Desktop
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\d38hhm6w.default-1566943191455 [2019-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-17] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-17] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default [2019-08-29]
CHR Extension: (Slides) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-12]
CHR Extension: (Docs) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-12]
CHR Extension: (Google Drive) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Sheets) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (IE Tab) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2019-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12]
CHR Extension: (Gmail) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568224 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-06-01] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] (PEGATRON CORPORATION -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37320 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [209256 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [206056 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [61688 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [279336 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42504 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [168896 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [112520 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [88160 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1030784 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [477288 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [225816 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [387688 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\windows\System32\DRIVERS\athrx.sys [4022272 2013-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-31] (Malwarebytes Corporation -> Malwarebytes)
S3 NPF; C:\windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [546304 2013-04-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-31 21:30 - 2019-08-31 21:30 - 000000000 ____D C:\Users\Administrator1\Desktop\FRST-OlderVersion
2019-08-31 20:18 - 2019-08-31 20:18 - 000275232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-08-31 10:20 - 2019-08-31 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office
2019-08-29 22:29 - 2019-08-29 22:29 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-29 22:29 - 2019-08-29 22:29 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-29 22:29 - 2019-08-29 22:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-29 22:29 - 2019-08-29 22:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-27 22:59 - 2019-08-30 01:23 - 000000000 ____D C:\Users\Administrator1\Desktop\Old Firefox Data
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\Roaming\Mozilla
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\LocalLow\Mozilla
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\Local\Mozilla
2019-08-27 22:54 - 2019-08-27 22:54 - 000157106 _____ C:\Users\Pietro\Desktop\bookmarks-2019-08-27 Pietro.json
2019-08-27 22:51 - 2019-08-27 22:51 - 000023720 _____ C:\Users\Administrator1\Desktop\bookmarks-2019-08-27 Admin.json
2019-08-21 00:37 - 2019-08-21 00:39 - 000001826 _____ C:\Users\Administrator1\Desktop\Fixlog.txt
2019-08-20 00:56 - 2019-08-20 00:56 - 000001230 _____ C:\Users\Administrator1\Desktop\MBAM Log.txt
2019-08-20 00:37 - 2019-08-20 00:37 - 000002246 _____ C:\Users\Administrator1\Desktop\Tweaking.com - Registry Backup.lnk
2019-08-20 00:37 - 2019-08-20 00:37 - 000000000 ____D C:\RegBackup
2019-08-20 00:34 - 2019-08-20 00:34 - 005766144 _____ (Tweaking.com) C:\Users\Administrator1\Desktop\tweaking.com_registry_backup_setup.exe
2019-08-19 02:39 - 2019-08-31 10:20 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-17 10:39 - 2019-08-17 10:41 - 000034095 _____ C:\Users\Administrator1\Desktop\Addition.txt
2019-08-17 10:33 - 2019-08-31 21:35 - 000023706 _____ C:\Users\Administrator1\Desktop\FRST.txt
2019-08-17 10:32 - 2019-08-31 21:30 - 000000000 ____D C:\FRST
2019-08-17 10:31 - 2019-08-20 00:36 - 000001328 _____ C:\Users\Administrator1\Desktop\post.txt
2019-08-17 10:27 - 2019-08-31 21:30 - 001615360 _____ (Farbar) C:\Users\Administrator1\Desktop\FRST64.exe
2019-08-13 19:44 - 2019-08-13 19:44 - 000001838 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-13 19:44 - 2019-08-13 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-13 19:44 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-08-13 07:39 - 2019-08-31 09:27 - 000212992 _____ C:\windows\system32\ClickToRun_Pipeline16

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-31 21:30 - 2016-11-17 00:16 - 000000000 ____D C:\Users\Administrator1\AppData\LocalLow\Mozilla
2019-08-31 21:22 - 2017-04-16 00:50 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-08-31 20:53 - 2015-09-06 15:40 - 000000000 ____D C:\Users\Pietro\Documents\Sport
2019-08-31 20:51 - 2016-11-18 21:41 - 000000000 ____D C:\Users\Pietro\AppData\LocalLow\Mozilla
2019-08-31 20:26 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-31 20:26 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-31 20:18 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-08-31 10:25 - 2013-10-11 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-31 10:19 - 2013-10-11 23:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-29 22:26 - 2015-11-24 15:53 - 000000000 ____D C:\Users\Administrator1\AppData\Local\IE Tab
2019-08-27 22:47 - 2015-11-24 15:52 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-27 22:47 - 2015-11-24 15:52 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-25 19:17 - 2009-07-14 06:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-25 19:17 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2019-08-25 01:06 - 2017-04-19 22:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-24 22:05 - 2015-11-26 03:02 - 000000000 ____D C:\Users\Pietro\AppData\Local\IE Tab
2019-08-21 00:42 - 2015-11-26 01:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-08-21 00:38 - 2009-07-14 04:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2019-08-21 00:38 - 2009-07-14 04:20 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2019-08-20 00:37 - 2017-04-09 16:19 - 000053291 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2019-08-17 10:48 - 2018-03-14 22:48 - 000004478 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-17 10:48 - 2017-04-19 23:02 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-08-17 10:48 - 2017-04-19 23:02 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-17 10:48 - 2017-04-19 23:02 - 000004324 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2019-08-17 10:48 - 2013-10-11 22:58 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-08-17 10:48 - 2013-10-11 22:58 - 000000000 ____D C:\windows\system32\Macromed
2019-08-13 19:56 - 2017-04-19 22:44 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\ProgramData\TEMP
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-08-13 19:34 - 2018-06-22 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-13 19:19 - 2019-07-04 23:21 - 000168896 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 001030784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 000387688 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-08-13 07:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\system32\NDF
2019-08-13 00:30 - 2014-09-04 00:42 - 000000000 ____D C:\Users\Pietro\AppData\Local\CutePDF Writer

==================== FLock ================

2013-12-06 12:52 C:\windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-18 22:10
==================== End of FRST.txt ============================

ADDITION post:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Administrator1 (31-08-2019 21:35:44)
Running from C:\Users\Administrator1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-21 18:53:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2246960787-3754121387-607372831-500 - Administrator - Disabled)
Administrator1 (S-1-5-21-2246960787-3754121387-607372831-1000 - Administrator - Enabled) => C:\Users\Administrator1
Guest (S-1-5-21-2246960787-3754121387-607372831-501 - Limited - Disabled) => C:\Users\Guest
Pietro (S-1-5-21-2246960787-3754121387-607372831-1001 - Limited - Enabled) => C:\Users\Pietro
Rahil (S-1-5-21-2246960787-3754121387-607372831-1007 - Limited - Enabled) => C:\Users\Rahil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\{F08E6C0F-EF66-4E9B-B220-747F99FE0C15}) (Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ControlCenter (HKLM-x32\...\{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)
Filzip 3.06 (HKLM-x32\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
H264 Video Codec (HKLM-x32\...\H264) (Version: - T,DP5)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{74291031-84BA-4A01-9B8A-1C17CDFB820D}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20254 - Microsoft Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.11929.20254 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
NVMS-1000 (HKLM-x32\...\{706F1178-8CDB-45E5-B05F-D1950D9D17DF}) (Version: 2.0.0.2 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WebClient (HKLM-x32\...\WebClient) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.0.2 (HKLM-x32\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 13:17 - 2013-08-15 23:34 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2015-12-03 01:51 - 2015-12-03 01:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\AppVIsvSubsystems32.dll
2015-12-03 01:51 - 2015-12-03 01:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\c2r32.dll
2011-12-15 00:04 - 2011-12-15 00:04 - 000150016 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000109568 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000259584 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TReport.dll
2013-06-19 02:51 - 2013-06-19 02:51 - 000057344 _____ (TOSHIBA CORPORATION.) [File not signed] C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll
2013-03-08 00:02 - 2013-03-08 00:02 - 000202752 _____ (TOSHIBA CORPORATION.) [File not signed] C:\windows\System32\tbtmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-05 18:58 - 000000036 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ED0E5E14-C822-4331-B83C-081848F6852C}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{0DCF30F8-9976-4A13-A374-9F14D32AC006}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{D654BC83-80E5-41CD-B365-6BAED47921CD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{77A4AEF1-83CE-43FD-B9AE-6DA6288B2E18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{1F631B2B-5D98-401B-976B-85A785D1C9A5}] => (Allow) C:\Users\Administrator1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{E776AB36-B620-4A00-8133-20441BBA7901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CDA2465-3886-4465-B515-6F0D6CEE8C3D}] => (Allow) LPort=2869
FirewallRules: [{A0BDDE8A-B7FE-4778-AFA6-EAE70D2C5B58}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CE306CA1-5DC0-4815-8C6F-45808F475E70}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [UDP Query User{19313C13-F158-455E-901A-FB144D55676F}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [TCP Query User{18B3C83B-AE60-4FBD-9F43-9B4D13A1AB72}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [UDP Query User{02A0693B-0043-41A4-99DB-429F45DD13A7}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [{D560366C-E366-4326-8512-F1FF7B390939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37ED6C6D-9F64-4C18-9211-F0F6FA5C2B90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8AABE8D-A824-4343-A84B-F3BB9DACECE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE8AD0C8-466D-41DD-BB34-D9FAB89EE781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F70F35E-0D60-48EC-A4A2-4B26F1623C84}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54741927-6956-4A68-BB12-0DA3CE628E5D}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F3C9541-5E7C-4D94-A3F9-BA0B957F40BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3A1028E-5E31-4C2D-B7EC-8A2A22394DAA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C641760E-FFE7-4099-B886-9D7A18643525}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BCC40A2E-A4D2-426A-BA08-F32F83E8F8E6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B9B6CA7D-517D-4D15-8557-E0442AE564C7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF1414A9-2D56-400D-9641-AA0999A2BB14}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-06-2019 17:01:21 Windows Update
24-06-2019 02:44:49 Windows Update
10-07-2019 23:27:45 Windows Update
21-08-2019 00:37:55 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2019 08:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2019 10:26:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2019 09:27:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2019 07:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/29/2019 10:33:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/29/2019 10:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/29/2019 10:15:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/29/2019 07:42:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/31/2019 09:20:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/29/2019 10:17:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/29/2019 10:17:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (08/29/2019 07:40:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/29/2019 07:40:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avast Antivirus service to connect.

Error: (08/29/2019 07:39:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:46:12 on ‎29/‎08/‎2019 was unexpected.

Error: (08/28/2019 10:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audio Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/28/2019 10:49:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Audio Service service to connect.


Windows Defender:
===================================
Date: 2014-09-27 23:54:54.460
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFB0E6BC-BF83-4EAC-8611-3D60304AC533}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2016-08-13 17:06:13.988
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-13 17:06:13.894
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.944
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.648
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:26.038
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:25.788
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:58.100
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:57.804
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: TOSHIBA 1.40 08/19/2014
Motherboard: TOSHIBA PT10S
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 4008.05 MB
Available physical RAM: 555.78 MB
Total Virtual: 8014.25 MB
Available Virtual: 4443.44 MB

==================== Drives ================================

Drive c: (TI31224900A) (Fixed) (Total:453.87 GB) (Free:356.36 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{cd4b7444-5e6c-11e3-82f1-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 628BBA91)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End of Addition.txt ============================
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby rbd » August 31st, 2019, 4:40 pm

They managed to fit in one post :)
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » September 1st, 2019, 6:59 am

Hi rbd,

Please click on the following link: Link

  • Click the + Add to Firefox button.
  • You will be asked for permission.
  • If you agree, select Add.
  • To make sure that the extension is fully installed, please restart Firefox.

Were you able to install the Avast toolbar?
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » September 1st, 2019, 8:22 am

Hi mAL,

mAL_rEm018 wrote: Were you able to install the Avast toolbar?


Yes, all went well. And it also appears in the list of extensions.
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » September 3rd, 2019, 2:33 pm

Hi rbd,

I've looked at the scans and I don't see anything suspicious, so unless your computer is exhibiting any strange behaviour, I will give you the all clear.

Regards,
mAL
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » September 3rd, 2019, 8:55 pm

Hi mAL,

Ok, thanks. That’s fine.

Regards,
rbd
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » September 6th, 2019, 3:02 pm

Hi rbd,

I have good news... your computer appears to be clean. :) Please follow the steps below and then you'll be all set to go.


To remove FRST, please do the following:
  • Navigate to the following location:
    C:\Users\Administrator1\Desktop\FRST64.exe
  • Rename FRST64.exe to Uninstall.exe
  • Please run Uninstall.exe
  • Your computer will reboot and automatically remove FRST from your computer

You mentioned earlier that you don't use Google Chrome. You might want to consider uninstalling it from your computer. If you want to do so, then the steps for doing so can be found below:

Removing a program in Windows 7
  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    Google Chrome
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

You should also read and get acquainted with the following topic: COMPUTER SECURITY - a short guide to staying safer online, which goes into depth on how to keep your computer secure. I bookmarked it for easy reference and so should you.

I would really appreciate it if you could reply to this post to let me know that you've seen it, and I will close this topic.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » September 7th, 2019, 6:47 am

Hi mAL,

Thanks. I followed your instructions and read the post.
I didn’t uninstall Chrome because I still use it occasionally, so I prefer to keep it.
I’ll now install Windows and Avast updates.

Thanks for your help,
rbd
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » September 7th, 2019, 7:45 am

rbd wrote: Thanks for your help,

You're welcome. :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia