Here are my logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by ADMIN1 (administrator) on DESKTOP-55LO2T2 (TOSHIBA Satellite C55D-A) (13-05-2021 15:50:00)
Running from C:\Users\ADMIN1\Downloads
Loaded Profiles: defaultuser0 & ADMIN1
Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcohol Soft -> Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe <2>
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <20>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Run: [Discord] => C:\Users\ADMIN1\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Uninstall 21.062.0328.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\amd64"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\RunOnce: [Uninstall 21.062.0328.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ADMIN1\AppData\Local\Microsoft\OneDrive\21.062.0328.0001"
HKLM\...\Windows x64\Print Processors\Canon MX420 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAM.DLL [29696 2010-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX420 series: C:\WINDOWS\system32\CNCALAM.DLL [302080 2010-10-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX420 series: C:\WINDOWS\system32\CNMLMAM.DLL [374784 2010-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-13] (Google LLC -> Google LLC)
Startup: C:\Users\ADMIN1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-01-06]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADMIN1\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1B114F82-5847-4F3A-88D0-04385DC5BFF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-16] (Google Inc -> Google Inc.)
Task: {25A90C3C-36A7-4BFC-8C40-02DA1B012251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-16] (Google Inc -> Google Inc.)
Task: {3CCEE3EF-9C40-43EB-98A3-14388A3235E4} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {47077005-7DB4-4D88-BEA4-858088FC4C02} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
Task: {4BA33777-77FC-4EA1-90C3-4053AD7B8C90} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {9866CFDD-265E-4C7A-9D74-76BDA1D99710} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16161536 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {ACBB689E-60CA-4534-B1E2-98D6C892BAA8} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2576262883-1117608598-2240509490-1001 => C:\Users\ADMIN1\AppData\Local\MEGAsync\MEGAupdater.exe [1303800 2020-10-05] (Mega Limited -> Mega Limited)
Task: {FDB4BDA5-9D84-45E1-B35C-A11FDE27B8A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3356762a-cd99-4f3f-a21f-cfbf5c6bc8ad}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8c8a0904-dd39-45ea-83ab-830b796575a3}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ADMIN1\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-13]
FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2576262883-1117608598-2240509490-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-02] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR Profile: C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default [2021-05-13]
CHR Extension: (Slides) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-16]
CHR Extension: (Docs) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-16]
CHR Extension: (Google Drive) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-16]
CHR Extension: (Sheets) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-05]
CHR Extension: (Avast Online Security) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-29]
CHR Profile: C:\Users\ADMIN1\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7894040 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [606944 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [356064 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [105888 2019-06-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe [615776 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe [44767048 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TOSTABSYSSVC.exe [296272 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe [446248 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17352 2021-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522384 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [17920 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-11-12] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics -> STMicroelectronics)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TosSrvCtlDrv.sys [25816 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376544 2020-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-28] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-13 15:01 - 2021-05-13 15:15 - 000026179 _____ C:\Users\ADMIN1\Downloads\Addition.txt
2021-05-13 14:51 - 2021-05-13 15:52 - 000018561 _____ C:\Users\ADMIN1\Downloads\FRST.txt
2021-05-13 14:50 - 2021-05-13 15:51 - 000000000 ____D C:\FRST
2021-05-13 14:49 - 2021-05-13 14:49 - 002299392 _____ (Farbar) C:\Users\ADMIN1\Downloads\FRST64.exe
2021-05-05 11:41 - 2021-05-05 11:41 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\ElevatedDiagnostics
2021-04-27 20:07 - 2021-04-27 20:07 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-27 20:07 - 2021-04-27 20:07 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-04-19 11:29 - 2021-04-19 11:29 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-19 11:27 - 2021-04-19 11:27 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-19 11:26 - 2021-04-19 11:26 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-13 15:54 - 2019-02-12 12:20 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\CrashDumps
2021-05-13 15:49 - 2020-09-02 04:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 15:49 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-13 15:46 - 2019-01-16 23:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-13 15:46 - 2019-01-16 23:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-13 15:46 - 2019-01-16 23:54 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-13 15:08 - 2019-01-17 02:35 - 000000000 ___RD C:\Users\ADMIN1\OneDrive
2021-05-13 15:07 - 2020-09-02 05:33 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2576262883-1117608598-2240509490-1001
2021-05-13 15:07 - 2020-09-02 04:50 - 000002370 _____ C:\Users\ADMIN1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-13 14:59 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-13 14:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-13 14:58 - 2020-07-04 00:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-13 14:58 - 2020-07-04 00:30 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-13 14:58 - 2020-07-04 00:30 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-13 14:53 - 2019-01-19 19:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 14:50 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-13 14:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-13 14:35 - 2020-09-02 05:33 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-05-13 14:35 - 2020-09-02 05:12 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-13 14:29 - 2019-01-17 02:31 - 000000000 ____D C:\Users\ADMIN1\AppData\Local\Packages
2021-05-13 14:29 - 2019-01-17 00:01 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-13 14:28 - 2020-09-02 05:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 14:28 - 2020-09-02 04:47 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-10 12:24 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-10 12:24 - 2019-01-17 00:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-04-27 20:07 - 2020-10-29 14:43 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-27 20:07 - 2020-04-16 09:08 - 000522384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-04-27 20:07 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-27 20:07 - 2019-01-17 00:03 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-27 20:07 - 2019-01-17 00:03 - 000017352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-27 20:06 - 2019-01-17 00:03 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-04-26 13:35 - 2020-09-02 05:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 13:35 - 2020-09-02 05:33 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-21 15:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-20 18:24 - 2020-09-02 05:33 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 18:24 - 2020-09-02 05:33 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 05:56 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-19 17:43 - 2020-09-02 04:47 - 000441392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-19 17:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-19 11:27 - 2016-07-16 08:58 - 000414044 __RSH C:\bootmgr
2021-04-19 11:25 - 2020-09-02 04:52 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:42 - 2019-01-17 03:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-19 10:34 - 2019-01-17 03:49 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2019-01-17 01:19 - 2019-01-17 01:19 - 000000017 _____ () C:\Users\ADMIN1\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by ADMIN1 (13-05-2021 15:57:06)
Running from C:\Users\ADMIN1\Downloads
Windows 10 Home Version 2004 19041.928 (X64) (2020-09-02 09:35:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ADMIN1 (S-1-5-21-2576262883-1117608598-2240509490-1001 - Administrator - Enabled) => C:\Users\ADMIN1
Administrator (S-1-5-21-2576262883-1117608598-2240509490-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2576262883-1117608598-2240509490-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2576262883-1117608598-2240509490-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2576262883-1117608598-2240509490-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2576262883-1117608598-2240509490-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Acoustica MP3 To Wave Converter PLUS (HKLM-x32\...\Acoustica MP3 To Wave Converter PLUS) (Version: 2.6 b25 - Acoustica, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FE3EC7E3-39A4-E7A5-63C5-03068F3B0118}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 5.1 - Power Software Ltd)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.9 - Arduino LLC)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - )
Discord (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
EaseUS MobiMover 4.9 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS)
Eddie - OpenVPN UI (HKLM-x32\...\AirVPN) (Version: - AirVPN - hxxps://airvpn.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
JDownloader 2 (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
MediaHuman Audio Converter version 1.9.7 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.7 - MediaHuman)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{77A90BCD-4667-3CA8-E4B0-741A58CF1D9F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenShot Video Editor version 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Zoom (HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-04-27] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-21] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-22] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [M2WShlExMenu] -> {DC6FA7E0-6666-11D5-8CE2-444553540000} => C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [2009-04-24] (Acoustica) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADMIN1\AppData\Local\MEGAsync\ShellExtX64.dll [2020-10-05] (Mega Limited -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6-x32: [MP3ToWave] -> {DC6FA7E0-6666-11D5-8CE2-444553540000} => C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [2009-04-24] (Acoustica) [File not signed]
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ADMIN1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2576262883-1117608598-2240509490-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3E585FB5-887A-4309-8A3C-5BABDF39868A}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{1957AD5B-DEE1-45E5-BD02-E4A8676EE9AB}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{030068A7-BE22-481B-92EC-A0D384D36E9C}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{965173E0-7396-4DF4-B228-1972C01A644C}] => (Allow) C:\Users\ADMIN1\AppData\Local\Temp\7ZipSfx.000\bin\tools\aria2c.exe => No File
FirewallRules: [{D4EA0B1C-EC87-4F44-95BC-CBF0ACAA7988}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{86C5F6FD-9338-4084-8540-D0106765BC4F}] => (Allow) C:\Users\ADMIN1\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{FCB89731-165F-4AB9-B200-C7E755222EC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{31E0FDDE-4C19-4489-B167-BB2CA3330271}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A1C82ED5-B533-43F0-9D18-F862FEC66D69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{90BD8BD0-9E9E-4A2C-A26B-A6E48B3A9325}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0AE98CDA-1505-4449-83BA-434F10DC1FA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe => No File
FirewallRules: [{87DE24D8-7841-4313-AB75-98ADA331493B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Summer Car\mysummercar.exe => No File
FirewallRules: [{BA864E4B-C76A-4303-8640-45D8217D2081}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{FD15A6CC-1719-40DE-9753-4323B6B4D037}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{76F9D408-7FA7-47B8-8442-97527CBEB9BB}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0B8A60-C988-4ED9-9756-5E204116F64D}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{59F65CC0-83DF-400A-9A80-2BDFDF0FA1D3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{83DDDB01-8C2F-417A-A776-6BF3166BDD9A}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{DB7B23C7-16D8-4FAD-8E92-AB6348FF12A7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66F3AF49-5CCF-4407-B82A-9B4DEFFE7ABF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28EBCDDB-9928-46DA-BF0C-67BAF5407073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05713327-8E03-4F41-8792-E10FDB528470}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0AB4A2A6-D8AC-499A-BCD9-3900BF428B41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F9C2D1A-59AC-4C0C-A16D-D3C27FABCE72}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B6A3A57-BDF9-44C0-A6E5-B74F4C008B5E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E8A93D7-CAAE-4541-A0AD-09ECD0C25A5B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFFA0460-A26E-43EB-A697-8AEF7285B40A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37A36CB6-80D9-4126-A952-479EC4C559BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70932761-BD09-43DF-8608-2C782FD04CBC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6E58444-8707-480D-AEBB-88695EE1F843}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C68198A4-E4F8-42FB-ACA5-F59B3DB4A019}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:99.17 GB) (Free:65.04 GB) (66%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/13/2021 03:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.928, time stamp: 0xbc61eb13
Faulting module name: ntdll.dll, version: 10.0.19041.928, time stamp: 0x9bed63d6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff0b9
Faulting process id: 0x124c
Faulting application start time: 0x01d74825cb59114e
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ee058f42-ac75-4997-9647-0f349451e55d
Faulting package full name:
Faulting package-relative application ID:
Error: (05/13/2021 03:19:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (05/06/2021 11:44:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (05/06/2021 11:44:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (05/03/2021 08:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: overseer.exe, version: 1.0.421.0, time stamp: 0x60898789
Faulting module name: overseer.exe, version: 1.0.421.0, time stamp: 0x60898789
Exception code: 0xc0000005
Fault offset: 0x0000000000030c85
Faulting process id: 0x2764
Faulting application start time: 0x01d74079aabfb548
Faulting application path: C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Faulting module path: C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Report Id: e3829388-6dc6-449b-bf87-8591eb696755
Faulting package full name:
Faulting package-relative application ID:
Error: (04/29/2021 11:41:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/29/2021 11:40:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/22/2021 11:51:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (05/13/2021 02:32:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (05/13/2021 02:27:40 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (05/10/2021 12:23:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-55LO2T2)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
Error: (05/10/2021 12:23:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-55LO2T2)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
CodeIntegrity:
===============
Date: 2021-05-13 15:53:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2021-05-13 15:20:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde Corp. 1.80 01/27/2014
Motherboard: TOSHIBA Portable PC
Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 82%
Total physical RAM: 3538.36 MB
Available physical RAM: 630.54 MB
Total Virtual: 4876.36 MB
Available Virtual: 687.36 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:99.17 GB) (Free:65.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:598.63 GB) (Free:227.72 GB) NTFS
\\?\Volume{69d68ca8-0000-0000-0000-b0ca18000000}\ () (Fixed) (Total:0.83 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 69D68CA8)
Partition 1: (Active) - (Size=99.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=598.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================