PLEASE HELP!

Post by maxmodder » May 13th, 2021, 4:41 pm

I think my PC may have malware on it as it is acting very slow.

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by ADMIN1 (administrator) on DESKTOP-55LO2T2 (TOSHIBA Satellite C55D-A) (13-05-2021 15:50:00)
Running from C:\Users\ADMIN1\Downloads
Loaded Profiles: defaultuser0 & ADMIN1
Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcohol Soft -> Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe <2>
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <20>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Run: [Discord] => C:\Users\ADMIN1\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Uninstall 21.062.0328.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\amd64"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Uninstall 21.062.0328.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\21.062.0328.0001"
HKLM\...\Windows x64\Print Processors\Canon MX420 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAM.DLL [29696 2010-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX420 series: C:\WINDOWS\system32\CNCALAM.DLL [302080 2010-10-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX420 series: C:\WINDOWS\system32\CNMLMAM.DLL [374784 2010-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-13] (Google LLC -> Google LLC)
Startup: C:\Users\ADMIN1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-01-06]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADMIN1\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B114F82-5847-4F3A-88D0-04385DC5BFF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-16] (Google Inc -> Google Inc.)
Task: {25A90C3C-36A7-4BFC-8C40-02DA1B012251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-16] (Google Inc -> Google Inc.)
Task: {3CCEE3EF-9C40-43EB-98A3-14388A3235E4} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {47077005-7DB4-4D88-BEA4-858088FC4C02} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
Task: {4BA33777-77FC-4EA1-90C3-4053AD7B8C90} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {9866CFDD-265E-4C7A-9D74-76BDA1D99710} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16161536 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {ACBB689E-60CA-4534-B1E2-98D6C892BAA8} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2576262883-1117608598-2240509490-1001 => C:\Users\ADMIN1\AppData\Local\MEGAsync\MEGAupdater.exe [1303800 2020-10-05] (Mega Limited -> Mega Limited)
Task: {FDB4BDA5-9D84-45E1-B35C-A11FDE27B8A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3356762a-cd99-4f3f-a21f-cfbf5c6bc8ad}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8c8a0904-dd39-45ea-83ab-830b796575a3}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ADMIN1\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-13]

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2576262883-1117608598-2240509490-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-02] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default [2021-05-13]
CHR Extension: (Slides) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-16]
CHR Extension: (Docs) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-16]
CHR Extension: (Google Drive) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-16]
CHR Extension: (Sheets) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-05]
CHR Extension: (Avast Online Security) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-29]
CHR Profile: C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7894040 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [606944 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [356064 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [105888 2019-06-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe [615776 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe [44767048 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TOSTABSYSSVC.exe [296272 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe [446248 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17352 2021-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522384 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [17920 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-11-12] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics -> STMicroelectronics)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TosSrvCtlDrv.sys [25816 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376544 2020-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 15:01 - 2021-05-13 15:15 - 000026179 _____ C:\Users\ADMIN1\Downloads\Addition.txt
2021-05-13 14:51 - 2021-05-13 15:52 - 000018561 _____ C:\Users\ADMIN1\Downloads\FRST.txt
2021-05-13 14:50 - 2021-05-13 15:51 - 000000000 ____D C:\FRST
2021-05-13 14:49 - 2021-05-13 14:49 - 002299392 _____ (Farbar) C:\Users\ADMIN1\Downloads\FRST64.exe
2021-05-05 11:41 - 2021-05-05 11:41 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\ElevatedDiagnostics
2021-04-27 20:07 - 2021-04-27 20:07 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-27 20:07 - 2021-04-27 20:07 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-04-19 11:29 - 2021-04-19 11:29 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-19 11:27 - 2021-04-19 11:27 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-19 11:26 - 2021-04-19 11:26 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 15:54 - 2019-02-12 12:20 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\CrashDumps
2021-05-13 15:49 - 2020-09-02 04:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 15:49 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-13 15:46 - 2019-01-16 23:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-13 15:46 - 2019-01-16 23:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-13 15:46 - 2019-01-16 23:54 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-13 15:08 - 2019-01-17 02:35 - 000000000 ___RD C:\Users\ADMIN1\OneDrive
2021-05-13 15:07 - 2020-09-02 05:33 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2576262883-1117608598-2240509490-1001
2021-05-13 15:07 - 2020-09-02 04:50 - 000002370 _____ C:\Users\ADMIN1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-13 14:59 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-13 14:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-13 14:58 - 2020-07-04 00:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-13 14:58 - 2020-07-04 00:30 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-13 14:58 - 2020-07-04 00:30 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-13 14:53 - 2019-01-19 19:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 14:50 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-13 14:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-13 14:35 - 2020-09-02 05:33 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-05-13 14:35 - 2020-09-02 05:12 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-13 14:29 - 2019-01-17 02:31 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\Packages
2021-05-13 14:29 - 2019-01-17 00:01 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-13 14:28 - 2020-09-02 05:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 14:28 - 2020-09-02 04:47 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-10 12:24 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-10 12:24 - 2019-01-17 00:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-04-27 20:07 - 2020-10-29 14:43 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-27 20:07 - 2020-04-16 09:08 - 000522384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-04-27 20:07 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-27 20:07 - 2019-01-17 00:03 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000017352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-04-26 13:35 - 2020-09-02 05:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 13:35 - 2020-09-02 05:33 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-21 15:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-20 18:24 - 2020-09-02 05:33 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 18:24 - 2020-09-02 05:33 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 05:56 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-19 17:43 - 2020-09-02 04:47 - 000441392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-19 11:27 - 2016-07-16 08:58 - 000414044 __RSH C:\bootmgr
2021-04-19 11:25 - 2020-09-02 04:52 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:42 - 2019-01-17 03:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-19 10:34 - 2019-01-17 03:49 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-01-17 01:19 - 2019-01-17 01:19 - 000000017 _____ () C:\Users\ADMIN1\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by ADMIN1 (13-05-2021 15:57:06)
Running from C:\Users\ADMIN1\Downloads
Windows 10 Home Version 2004 19041.928 (X64) (2020-09-02 09:35:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN1 (S-1-5-21-2576262883-1117608598-2240509490-1001 - Administrator - Enabled) => C:\Users\ADMIN1
Administrator (S-1-5-21-2576262883-1117608598-2240509490-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2576262883-1117608598-2240509490-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2576262883-1117608598-2240509490-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2576262883-1117608598-2240509490-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2576262883-1117608598-2240509490-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Acoustica MP3 To Wave Converter PLUS (HKLM-x32\...\Acoustica MP3 To Wave Converter PLUS) (Version: 2.6 b25 - Acoustica, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FE3EC7E3-39A4-E7A5-63C5-03068F3B0118}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 5.1 - Power Software Ltd)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.9 - Arduino LLC)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - )
Discord (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
EaseUS MobiMover 4.9 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS)
Eddie - OpenVPN UI (HKLM-x32\...\AirVPN) (Version: - AirVPN - hxxps://airvpn.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
JDownloader 2 (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
MediaHuman Audio Converter version 1.9.7 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.7 - MediaHuman)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{77A90BCD-4667-3CA8-E4B0-741A58CF1D9F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenShot Video Editor version 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Zoom (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-04-27] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-21] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [M2WShlExMenu] -> {DC6FA7E0-6666-11D5-8CE2-444553540000} => C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [2009-04-24] (Acoustica) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6-x32: [MP3ToWave] -> {DC6FA7E0-6666-11D5-8CE2-444553540000} => C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [2009-04-24] (Acoustica) [File not signed]
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ADMIN1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2576262883-1117608598-2240509490-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3E585FB5-887A-4309-8A3C-5BABDF39868A}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{1957AD5B-DEE1-45E5-BD02-E4A8676EE9AB}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{030068A7-BE22-481B-92EC-A0D384D36E9C}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{965173E0-7396-4DF4-B228-1972C01A644C}] => (Allow) C:\Users\ADMIN1\AppData\Local\Temp\7ZipSfx.000\bin\tools\aria2c.exe => No File
FirewallRules: [{D4EA0B1C-EC87-4F44-95BC-CBF0ACAA7988}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{86C5F6FD-9338-4084-8540-D0106765BC4F}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{FCB89731-165F-4AB9-B200-C7E755222EC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{31E0FDDE-4C19-4489-B167-BB2CA3330271}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A1C82ED5-B533-43F0-9D18-F862FEC66D69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{90BD8BD0-9E9E-4A2C-A26B-A6E48B3A9325}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0AE98CDA-1505-4449-83BA-434F10DC1FA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe => No File
FirewallRules: [{87DE24D8-7841-4313-AB75-98ADA331493B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe => No File
FirewallRules: [{BA864E4B-C76A-4303-8640-45D8217D2081}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{FD15A6CC-1719-40DE-9753-4323B6B4D037}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{76F9D408-7FA7-47B8-8442-97527CBEB9BB}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0B8A60-C988-4ED9-9756-5E204116F64D}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{59F65CC0-83DF-400A-9A80-2BDFDF0FA1D3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{83DDDB01-8C2F-417A-A776-6BF3166BDD9A}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{DB7B23C7-16D8-4FAD-8E92-AB6348FF12A7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66F3AF49-5CCF-4407-B82A-9B4DEFFE7ABF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28EBCDDB-9928-46DA-BF0C-67BAF5407073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05713327-8E03-4F41-8792-E10FDB528470}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0AB4A2A6-D8AC-499A-BCD9-3900BF428B41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F9C2D1A-59AC-4C0C-A16D-D3C27FABCE72}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B6A3A57-BDF9-44C0-A6E5-B74F4C008B5E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E8A93D7-CAAE-4541-A0AD-09ECD0C25A5B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFFA0460-A26E-43EB-A697-8AEF7285B40A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37A36CB6-80D9-4126-A952-479EC4C559BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70932761-BD09-43DF-8608-2C782FD04CBC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6E58444-8707-480D-AEBB-88695EE1F843}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C68198A4-E4F8-42FB-ACA5-F59B3DB4A019}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:99.17 GB) (Free:65.04 GB) (66%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/13/2021 03:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.928, time stamp: 0xbc61eb13
Faulting module name: ntdll.dll, version: 10.0.19041.928, time stamp: 0x9bed63d6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff0b9
Faulting process id: 0x124c
Faulting application start time: 0x01d74825cb59114e
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ee058f42-ac75-4997-9647-0f349451e55d
Faulting package full name:
Faulting package-relative application ID:

Error: (05/13/2021 03:19:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/06/2021 11:44:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/06/2021 11:44:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/03/2021 08:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: overseer.exe, version: 1.0.421.0, time stamp: 0x60898789
Faulting module name: overseer.exe, version: 1.0.421.0, time stamp: 0x60898789
Exception code: 0xc0000005
Fault offset: 0x0000000000030c85
Faulting process id: 0x2764
Faulting application start time: 0x01d74079aabfb548
Faulting application path: C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Faulting module path: C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Report Id: e3829388-6dc6-449b-bf87-8591eb696755
Faulting package full name:
Faulting package-relative application ID:

Error: (04/29/2021 11:41:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/29/2021 11:40:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/22/2021 11:51:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (05/13/2021 02:32:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (05/13/2021 02:27:40 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (05/10/2021 12:23:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-55LO2T2)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.

Error: (05/10/2021 12:23:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-55LO2T2)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2021-05-13 15:53:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-13 15:20:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. 1.80 01/27/2014
Motherboard: TOSHIBA Portable PC
Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 82%
Total physical RAM: 3538.36 MB
Available physical RAM: 630.54 MB
Total Virtual: 4876.36 MB
Available Virtual: 687.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.17 GB) (Free:65.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:598.63 GB) (Free:227.72 GB) NTFS

\\?\Volume{69d68ca8-0000-0000-0000-b0ca18000000}\ () (Fixed) (Total:0.83 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 69D68CA8)
Partition 1: (Active) - (Size=99.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=598.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
maxmodder
Active Member
 
Posts: 2
Joined: May 13th, 2021, 4:38 pm

Re: PLEASE HELP!

Unread postby pgmigg » June 1st, 2021, 6:27 pm

Hello maxmodder,

My apologies for the delay in getting to your topic. If you still need help, please make a fresh FRST64.exe scan and post here your new FRST.txt and Addition.txt logs as you did in your initial post...


Thank you,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: PLEASE HELP!

Unread postby maxmodder » June 1st, 2021, 8:13 pm

I'm all set. This can be closed.
maxmodder
Active Member
 
Posts: 2
Joined: May 13th, 2021, 4:38 pm

Re: PLEASE HELP!

Unread postby pgmigg » June 1st, 2021, 9:57 pm

As the problems seem to be resolved, this topic is now closed.
pgmigg
Admin/Teacher
 
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00