Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Reply
 
Topic Tools
  #1  
Old December 30th, 2020, 12:08 AM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
Cannot run combofix.

Hello to all,
I have used combofix many times in the past. right now i can not get it to run it even deletes itself. many Thanks to all. maybe someone can help me get this to run on my puter.
Reply With Quote


  #2  
Old December 30th, 2020, 12:42 AM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
firefox is slow to load and sometimes times out message shows up.
Reply With Quote
  #3  
Old December 31st, 2020, 03:22 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,147
Hi bot96,

Combofix is only meant to be run with the help of a malware removal person, and doesn't run on Windows 10 if that's what you have. But let's take a look.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.
Reply With Quote
  #4  
Old December 31st, 2020, 10:50 PM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Bill (administrator) on BILL-PC (TOSHIBA Satellite C55-B) (31-12-2020 16:45:00)
Running from C:\Users\Bill\Downloads
Loaded Profiles: Bill
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3244360 2014-03-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117352 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2019-02-22] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\windows\system32\hpinkstsC511LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\windows\system32\HPDiscoPMC511.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\windows\system32\tbtmon.dll [202752 2013-03-07] (TOSHIBA CORPORATION.) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2020-11-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-11-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2020-11-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2020-12-31]
ShortcutAndArgument: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\windows\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN4CN254VN05X4;CONNECTION=USB;MONITOR =1;
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BD661C-8CCE-4297-9F65-EDEF641302BB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-11-09] (Avast Software s.r.o. -> Avast Software)
Task: {3B38BE87-AB2F-42F5-9683-01C5864737A0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {74C7839B-9C97-4CA4-A9D9-D146655E62DA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9C7427AA-7B02-4D98-8439-FE55CE90E431} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {AFC47425-9E73-4F83-BF8B-C3E3C0F269F2} - System32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {C5C415D7-D07C-49BF-B0CD-2BE55C268C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C906ADDC-CED4-48F5-BE68-7FC205E37EB2} - System32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {D8EFBA13-95B1-47A8-8A54-2134A92B7F4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [250056 2020-11-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EBE9EC74-2543-49FD-82D4-296A9DE813F7} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{CA6723CF-4502-44B2-BA46-EEF1E1E35062}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{D50CDFAA-879D-4F62-8B34-003DCAD5A57C}: [DhcpNameServer] 192.168.42.129

Edge:
======
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-29]

FireFox:
========
FF DefaultProfile: 74j3dfas.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\74j3dfas.default [2020-11-09]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\dfnhqdrp.default-release-1609205945268 [2020-12-31]
FF Homepage: Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 -> hxxps://duckduckgo.com/
FF Extension: (Facebook Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-facebook.xpi [2020-12-28]
FF Extension: (Google Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-google.xpi [2020-12-28]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\dfnhqdrp.default-release-1609205945268\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-12-28]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\dfnhqdrp.default-release-1609205945268\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-28]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1 .dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2020-12-29]
CHR DefaultSearchURL: Default -> hxxps://www.saferbrowsing-search.com/search/?category=web&vert=private&s=w1pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> privacy
CHR DefaultSuggestURL: Default -> hxxps://sug.saferbrowsing-search.com/v1/sug/?s=w1pr&vert=tracking&q={searchTerms}
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2020-11-09]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2020-11-09]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2020-11-09]
CHR Extension: (Online Privacy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbnbdniloknhbmabbbaiodiocm gfdheo [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2020-11-09]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2020-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2020-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2020-11-09]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2020-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2020-11-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [250056 2020-11-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe [65536 2019-02-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2019-02-22] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-11-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [47816 2014-02-26] (Qualcomm Atheros -> Atheros)
S1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614050.028\ccS etx64.sys [192248 2020-08-01] (Symantec Corporation -> Symantec Corporation)
R3 RSP2STOR; C:\windows\System32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614050.028\SYM EFASI64.SYS [1964384 2020-08-01] (Symantec Corporation -> Symantec Corporation)
S3 Tosrfcom; no ImagePath
U1 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\windows\system32\drivers\mbae64.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \??\C:\windows\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-31 16:41 - 2020-12-31 16:43 - 000027535 _____ C:\Users\Bill\Downloads\Addition.txt
2020-12-31 16:37 - 2020-12-31 16:46 - 000019112 _____ C:\Users\Bill\Downloads\FRST.txt
2020-12-31 16:36 - 2020-12-31 16:45 - 000000000 ____D C:\FRST
2020-12-31 16:36 - 2020-12-31 16:36 - 002286592 _____ (Farbar) C:\Users\Bill\Downloads\FRST64.exe
2020-12-28 21:08 - 2020-12-28 21:09 - 000000000 ___SD C:\fc
2020-12-28 19:37 - 2020-12-28 19:37 - 000000000 ____D C:\Users\Bill\Downloads\backups
2020-12-25 15:03 - 2020-12-25 15:03 - 000051807 _____ C:\Users\Bill\Documents\Little acorn 3 storm 1 storm..pdf
2020-12-22 18:44 - 2020-12-22 20:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-21 20:44 - 2020-12-21 20:44 - 000232596 _____ C:\Users\Bill\Documents\Black truck battery reciept..pdf
2020-12-21 20:42 - 2020-12-21 20:42 - 000051058 _____ C:\Users\Bill\Documents\Napa Battery Black truck..pdf
2020-12-20 17:54 - 2020-12-20 18:02 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2020-12-20 17:54 - 2020-12-20 18:02 - 000000000 ____D C:\ProgramData\HitmanPro
2020-12-19 20:08 - 2020-12-19 20:08 - 000388608 _____ (Trend Micro Inc.) C:\Users\Bill\Downloads\HijackThis.exe
2020-12-19 19:42 - 2020-12-19 19:44 - 200074296 _____ (Malwarebytes) C:\Users\Bill\Downloads\MBSetup-0000870.0000870-4.2.3.203-1.0.1122-1.0.33326.exe
2020-12-18 19:38 - 2020-12-18 19:38 - 000051333 _____ C:\Users\Bill\Documents\105 little acorn dr. soffit and paper..pdf
2020-12-17 19:49 - 2020-12-17 19:49 - 000052493 _____ C:\Users\Bill\Documents\OOIR Nags Head slider door remove install..pdf
2020-12-16 16:55 - 2020-12-16 16:55 - 003962616 _____ C:\Users\Bill\Downloads\EN4500_2025A.exe
2020-12-16 16:50 - 2020-12-16 16:50 - 000000000 ____D C:\Users\Bill\Documents\HpReg_Backup
2020-12-16 16:46 - 2020-12-16 16:46 - 000002187 _____ C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
2020-12-16 16:46 - 2020-12-16 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-12-16 16:46 - 2014-07-21 16:31 - 000763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMC511.dll
2020-12-16 16:45 - 2020-12-16 16:45 - 000000000 ____D C:\Program Files\HP
2020-12-16 16:41 - 2020-12-16 16:42 - 000000000 ____D C:\windows\system32\appmgmt
2020-12-16 16:07 - 2020-12-16 16:07 - 000051476 _____ C:\Users\Bill\Documents\107 Becker St. door install and others..pdf
2020-12-16 06:43 - 2020-12-16 06:42 - 000340576 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2020-12-16 06:42 - 2020-12-16 06:42 - 000216984 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2020-12-10 17:24 - 2020-12-10 17:24 - 000912993 _____ C:\Users\Bill\Downloads\D30-D44-Hardcore-Locking-Hubs-Install-Manual.pdf
2020-12-10 17:21 - 2020-12-10 17:22 - 002701633 _____ C:\Users\Bill\Downloads\Dana 60 Manual (Front Axle).pdf
2020-12-10 17:02 - 2020-12-10 17:03 - 001068053 _____ C:\Users\Bill\Downloads\CAD-Delete-Installation-Instructions-1994-1999.pdf
2020-12-09 18:29 - 2020-12-09 18:29 - 000051513 _____ C:\Users\Bill\Documents\105 Little Acorn Dr Framing..pdf
2020-12-08 18:03 - 2020-12-08 18:03 - 000169053 _____ C:\Users\Bill\Documents\10 Blue pete Ct. inside framing..pdf
2020-12-06 20:48 - 2020-12-06 20:48 - 009676657 _____ C:\Users\Bill\Downloads\2000Ramparts.pdf
2020-12-06 18:39 - 2020-12-06 18:40 - 000545401 _____ C:\Users\Bill\Downloads\GetStatementPdf(1)
2020-12-06 18:38 - 2020-12-06 18:38 - 000545460 _____ C:\Users\Bill\Downloads\GetStatementPdf
2020-12-06 18:32 - 2020-12-06 18:33 - 000125942 _____ C:\Users\Bill\Downloads\Statement58852415.pdf
2020-12-06 18:29 - 2020-12-06 18:29 - 000138891 _____ C:\Users\Bill\Downloads\Statement58880825.pdf
2020-12-06 18:22 - 2020-12-06 18:22 - 001384453 _____ C:\Users\Bill\Downloads\Discover-Statement-20201116-1294.pdf
2020-12-06 18:18 - 2020-12-06 18:18 - 000142112 _____ C:\Users\Bill\Downloads\fqU4yKRm.pdf
2020-12-06 18:15 - 2020-12-06 18:16 - 000144142 _____ C:\Users\Bill\Downloads\TcUNGpRc.pdf
2020-12-05 18:01 - 2020-12-05 18:01 - 012328924 _____ C:\Users\Bill\Downloads\platform-tools_r30.0.5-windows.zip
2020-12-05 18:01 - 2020-12-05 18:01 - 000000000 ____D C:\Users\Bill\Downloads\platform-tools_r30.0.5-windows
2020-12-03 18:58 - 2020-12-03 18:58 - 000000000 ____D C:\Users\Bill\AppData\Roaming\WinBatch
2020-12-01 21:15 - 2020-12-01 21:15 - 000336767 _____ C:\Users\Bill\Documents\roof estimate.5401..pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-31 16:44 - 2020-11-24 22:36 - 000000000 ____D C:\Program Files\CCleaner
2020-12-31 16:38 - 2020-11-09 17:35 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2020-12-31 16:38 - 2009-07-13 23:45 - 000043728 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-31 16:38 - 2009-07-13 23:45 - 000043728 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-31 16:36 - 2020-11-09 18:01 - 000000000 ____D C:\ProgramData\Avast Software
2020-12-31 16:35 - 2020-11-09 17:35 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-31 16:34 - 2009-07-14 00:13 - 000781458 _____ C:\windows\system32\PerfStringBackup.INI
2020-12-31 16:34 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2020-12-31 16:29 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-12-30 18:34 - 2009-07-14 00:08 - 000032562 _____ C:\windows\Tasks\SCHEDLGU.TXT
2020-12-30 18:11 - 2014-05-20 10:29 - 000000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2020-12-29 19:10 - 2020-11-10 20:15 - 000001045 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-29 19:10 - 2020-11-10 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-28 21:11 - 2020-11-13 20:44 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2020-12-28 17:58 - 2020-11-09 18:05 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2020-12-26 19:12 - 2020-11-26 16:34 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2020-12-26 19:12 - 2020-11-26 16:34 - 000002804 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2020-12-26 19:12 - 2020-11-24 18:30 - 000002938 _____ C:\windows\system32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509}
2020-12-26 19:12 - 2020-11-24 18:29 - 000002938 _____ C:\windows\system32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800}
2020-12-26 19:12 - 2020-11-11 18:19 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-12-26 19:12 - 2020-11-09 01:44 - 000003130 _____ C:\windows\system32\Tasks\RTKCPL
2020-12-26 19:12 - 2014-05-20 10:29 - 000003768 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-12-26 17:51 - 2020-11-09 18:07 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2020-12-25 15:05 - 2020-11-10 19:58 - 022745088 ____R C:\Wiliam M Baum 2007 3-3-14.QBW
2020-12-25 15:05 - 2020-11-10 19:58 - 000589824 ____R C:\Wiliam M Baum 2007 3-3-14.QBW.TLG
2020-12-25 15:05 - 2020-11-10 19:58 - 000000334 _____ C:\Wiliam M Baum 2007 3-3-14.QBW.ND
2020-12-25 15:01 - 2020-11-10 19:58 - 000000000 ____D C:\QuickBooksAutoDataRecovery
2020-12-22 20:03 - 2020-11-09 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-19 20:28 - 2020-11-09 01:53 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2020-12-19 20:28 - 2014-05-20 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2020-12-19 20:19 - 2020-11-11 20:30 - 000000000 ____D C:\Qoobox
2020-12-17 19:40 - 2020-11-10 20:44 - 000000000 ____D C:\Unified_Android_Toolkit
2020-12-16 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2020-12-16 16:51 - 2020-11-22 12:29 - 000002266 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2020-12-16 16:45 - 2020-11-10 20:34 - 000000000 ____D C:\ProgramData\HP
2020-12-16 16:45 - 2020-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-16 06:42 - 2020-11-09 18:04 - 000851256 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000522480 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000469472 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000332880 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000326064 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000247888 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000208672 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000176384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000108928 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000097360 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000084496 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000042424 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000036792 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2020-12-13 19:59 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2020-12-13 19:59 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2020-12-09 18:44 - 2020-11-11 18:17 - 000002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-04 18:05 - 2020-11-19 21:43 - 000053148 _____ C:\Users\Bill\Documents\127 S. Snow Geese. joists and ledgers..pdf

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-23 18:37
==================== End of FRST.txt ========================
Reply With Quote
  #5  
Old December 31st, 2020, 10:51 PM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Bill (31-12-2020 16:46:35)
Running from C:\Users\Bill\Downloads
Windows 7 Professional Service Pack 1 (X64) (2020-11-09 04:24:34)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================

Administrator (S-1-5-21-3498834930-2541690638-1204314038-500 - Administrator - Disabled)
Bill (S-1-5-21-3498834930-2541690638-1204314038-1000 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-3498834930-2541690638-1204314038-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3498834930-2541690638-1204314038-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.20(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
ETDWare PS/2-X64 11.8.20.3_WHQL (HKLM\...\Elantech) (Version: 11.8.20.3 - ELAN Microelectronic Corp.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 84.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.1 (x64 en-US)) (Version: 84.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4017.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4017.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
TOOL ALL IN ONE - 1 (HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\dc1f63000b2c54db) (Version: 1.0.6.1 - Mauronofrio)
TOOL ALL IN ONE (HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\067ec52159e66db0) (Version: 2.0.1.3 - Mauronofrio)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.5.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.5.6401 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-10-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-12-30 17:07 - 2020-12-30 17:07 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123004\avast.local_vc142.crt \api-ms-win-core-synch-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-file-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-file-l2-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-localization-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-processthreads-l1-1-1.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-synch-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-core-timezone-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-convert-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-environment-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-filesystem-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-heap-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-locale-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-math-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-multibyte-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-runtime-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-stdio-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-string-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-time-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \api-ms-win-crt-utility-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \MSVCP140.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \ucrtbase.DLL
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \VCRUNTIME140.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt \VCRUNTIME140_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498834930-2541690638-1204314038-1000 -> DefaultScope {5E70D020-F197-4FCA-8253-BA1E9D292E21} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2019-02-22] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Th emes\TranscodedWallpaper.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1922258-7B6B-401B-A1BA-094DF0346DDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{676E95EE-6702-4071-85F3-AD6D77705158}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0AE4A349-92EA-4751-9F23-C75E0AA4E171}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{6799B122-017B-4535-9C89-2334C2870966}] => (Allow) LPort=5357
FirewallRules: [{E81FFF39-2555-4FDA-BF99-31ACD038CC48}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{B1DECBA3-6DF0-46CB-8A35-7CC4BB6FE682}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagn osticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A54455B5-9160-4768-9295-7B0F861C5A2B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagn osticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)

==================== Restore Points =========================

16-12-2020 16:40:51 Removed HP ENVY 4500 series Basic Device Software
16-12-2020 16:41:32 Removed HP ENVY 4500 series Basic Device Software
18-12-2020 20:02:40 JRT Pre-Junkware Removal
19-12-2020 20:36:35 JRT Pre-Junkware Removal
20-12-2020 16:50:57 JRT Pre-Junkware Removal
24-12-2020 18:28:16 JRT Pre-Junkware Removal
28-12-2020 19:03:15 JRT Pre-Junkware Removal
29-12-2020 19:13:19 JRT Pre-Junkware Removal
29-12-2020 19:35:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/31/2020 04:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.12.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1588

Start Time: 01d6dfbd2bfb937a

Termination Time: 16

Application Path: C:\Users\Bill\Downloads\FRST64.exe

Report Id:

Error: (12/31/2020 04:29:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2020 07:41:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 9.5.10.1628, time stamp: 0x51cb6db4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xeb4
Faulting application start time: 0x01d6df04ad18cbd5
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Faulting module path: unknown
Report Id: 2cc037b8-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 9.5.12.1682, time stamp: 0x51e60670
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0x930
Faulting application start time: 0x01d6df04acd886ad
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
Faulting module path: unknown
Report Id: 2c8bd972-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelMeFWService.exe, version: 9.5.10.1628, time stamp: 0x51cb6ca3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xe5c
Faulting application start time: 0x01d6df04acab4c88
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
Faulting module path: unknown
Report Id: 2c6100ad-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ICCProxy.exe, version: 1.0.0.1, time stamp: 0x4f971121
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xdbc
Faulting application start time: 0x01d6df04619bfe81
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
Faulting module path: unknown
Report Id: 2c231ce6-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QBIDPService.exe, version: 1.26.21.4000, time stamp: 0x56e87cac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xb5c
Faulting application start time: 0x01d6df045e8f3b27
Faulting application path: C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
Faulting module path: unknown
Report Id: 2927032e-4afa-11eb-a80c-f8a963d84040


System errors:
=============
Error: (12/31/2020 04:29:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC
ESProtectionDriver

Error: (12/31/2020 04:29:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2020 07:41:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC
ESProtectionDriver

Error: (12/30/2020 07:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2020 06:53:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2020-11-09 19:52:02.912
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MRT.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: TOSHIBA 1.30 11/28/2014
Motherboard: TOSHIBA ZFWAA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 6031.24 MB
Available physical RAM: 2833 MB
Total Virtual: 12060.62 MB
Available Virtual: 9018.09 MB

==================== Drives ================================

Drive c: (TI10695800D) (Fixed) (Total:687.55 GB) (Free:627.34 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7c6c4644-2254-11eb-ba9a-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: D34BCE7D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=687.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.6 GB) - (Type=17)

==================== End of Addition.txt =======================
Reply With Quote
  #6  
Old January 1st, 2021, 05:14 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,147
Not seeing anything yet.


Disable Avast.

---------------------

Download AdwCleaner and move it to your Desktop.

Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
Accept the EULA (I accept), then click on Scan.
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so.
After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.

---------------------

Download malwarebytes_anti_malware.MalwareBytes Anti-Malware to your desktop.

Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
Click Scan at the top of the screen and hit Detection and Protection.
Choose Custom Scan and click Scan Now.
Check the box next to Scan for rootkits.
MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
Your computer is now being scanned, please do not use your computer during the scan.
If no threats were found, click View detailed log.
Click Export and save the log as a .txt file on your Desktop or another location.
If the scan detected any threats, click Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes.
After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
Check the box next to Scan Log. Choose the most current scan and click View.
Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
Attach the log file you just saved to your next reply for further review.
Reply With Quote
  #7  
Old January 1st, 2021, 11:32 PM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-01-2021
# Duration: 00:00:36
# OS: Windows 7 Professional
# Scanned: 31930
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [5772 octets] - [13/11/2020 21:29:57]
AdwCleaner[C00].txt - [1958 octets] - [13/11/2020 21:30:47]
AdwCleaner[S01].txt - [5909 octets] - [24/11/2020 22:18:19]
AdwCleaner[S02].txt - [5970 octets] - [19/12/2020 20:27:59]
AdwCleaner[C02].txt - [6600 octets] - [19/12/2020 20:28:23]
AdwCleaner[S03].txt - [1718 octets] - [19/12/2020 20:30:48]
AdwCleaner[C03].txt - [1908 octets] - [19/12/2020 20:31:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
Reply With Quote
  #8  
Old January 1st, 2021, 11:41 PM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/1/21
Scan Time: 5:38 PM
Log File: 062ed666-4c82-11eb-a4b8-f8a963d84040.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35139
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bill-PC\Bill

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 238033
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Reply With Quote
  #9  
Old January 2nd, 2021, 02:42 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,147
Nothing found, and those two scans would have ID'd any Firefox malware issues. Any chance Firefox ran better with Avast disabled?
Reply With Quote
  #10  
Old January 6th, 2021, 02:56 AM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
Ran the same.
Reply With Quote
  #11  
Old January 6th, 2021, 02:57 AM
bot96 bot96 is offline
Senior Member
 
Join Date: Jun 2012
Posts: 201
what is more important is, getting combofix to run.
Reply With Quote
  #12  
Old January 6th, 2021, 12:52 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,147
No scans have found anything amiss on your system, and I suspect Avast was involved in interfering with Combofix. But truly no reason to run Combofix just because a browser is slow, and especially after your system shows clear of any malware.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 02:17 AM.