Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2023

Ran by YAOMH1 (administrator) on YAOMH (TOSHIBA Satellite C55-B) (16-07-2023 05:07:36)
Running from C:\Users\YAOMH1\Documents\FRST64.exe
Loaded Profiles: YAOMH1
Platform: Microsoft Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe ->) (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(C:\Users\YAOMH1\AppData\Local\Programs\Opera\opera.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Users\YAOMH1\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\YAOMH1\AppData\Local\Programs\Opera\95.0.4635.84\opera_crashreporter.exe
(C:\Users\YAOMH1\Downloads\Windows_Repair_Toolbox\Windows_Repair_Toolbox.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Users\YAOMH1\Downloads\Windows_Repair_Toolbox\Downloads\Malware Removal\NPE64.exe
(cmd.exe ->) (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTMsgHostChrome.exe
(explorer.exe ->) (Alexandre Coelho) [File not signed] C:\Users\YAOMH1\Downloads\Windows_Repair_Toolbox\Windows_Repair_Toolbox.exe
(explorer.exe ->) (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(notepad.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Opera Norway AS -> Opera Software) C:\Users\YAOMH1\AppData\Local\Programs\Opera\opera.exe <19>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(taskeng.exe ->) (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTServiceInstaller.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe (No File)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3957642251-2528715432-444061663-1001\...\Run: [MicrosoftEdgeAutoLaunch_4D542A5D1C286362363C0CA8D57726FD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188608 2023-06-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3957642251-2528715432-444061663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5923592 2023-06-15] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-3957642251-2528715432-444061663-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40496032 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.149\Installer\chrmstp.exe [2023-06-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2014-04-02] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\YAOMH1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2023-06-29]
ShortcutTarget: Telegram.lnk -> C:\Users\YAOMH1\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {96AB4E2A-F33D-4B13-9C36-B0ABD5183484} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-04] (Adobe Inc. -> Adobe Inc.)
Task: {929488F0-DEB9-4D7A-8655-5DE3CD3CE969} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {970FAE63-B731-464B-A3B8-4DF55EBF7764} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "fd4a6677-3b84-471f-abc5-3d5e312eb522" --version "6.13.10517" --silent
Task: {0DD01350-2386-4B28-893B-BBBED1179FE2} - System32\Tasks\CCleanerSkipUAC - YAOMH1 => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F25B828B-5568-4027-8CB3-7A9CAE8843B5} - System32\Tasks\GoogleUpdateTaskMachineCore{0B0AC3C8-89F3-433B-8B9C-DEAF47F503CA} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-16] (Google LLC -> Google LLC)
Task: {29CEE378-CD25-4227-95EF-FA5BB7258829} - System32\Tasks\GoogleUpdateTaskMachineUA{73F8EA4F-CBBD-48C8-B458-55FAB4DCDB82} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-16] (Google LLC -> Google LLC)
Task: {BCBE2C9A-0678-4A79-92ED-3FDA9C232739} - System32\Tasks\Opera scheduled Autoupdate 1686546339 => C:\Users\YAOMH1\AppData\Local\Programs\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software)
Task: {942E1EE6-461C-4481-B183-F271FDBE0909} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [24008 2023-03-22] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1B360760-20F4-46E3-B922-E65598C23968}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1B360760-20F4-46E3-B922-E65598C23968}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\YAOMH1\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-13]
Edge Extension: (Cold Turkey Blocker) - C:\Users\YAOMH1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2023-06-13]
Edge Extension: (Edge relevant text changes) - C:\Users\YAOMH1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-13]
Edge Extension: (IDM Integration Module) - C:\Users\YAOMH1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2023-06-30]
Edge HKU\S-1-5-21-3957642251-2528715432-444061663-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-06-15]

FireFox:
========
FF ProfilePath: C:\Users\YAOMH1\AppData\Roaming\Mozilla\Firefox\Profiles\jo9ulvpv.default-release [2023-07-14]
FF HKU\S-1-5-21-3957642251-2528715432-444061663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\YAOMH1\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\YAOMH1\AppData\Roaming\IDM\idmmzcc5 [2023-06-30] [Legacy] [not signed]
FF HKU\S-1-5-21-3957642251-2528715432-444061663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\YAOMH1\AppData\Local\Google\Chrome\User Data\Default [2023-07-12]
CHR Extension: (مستندات Google بلا إنترنت) - C:\Users\YAOMH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\YAOMH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-16]
CHR Extension: (Cold Turkey Blocker) - C:\Users\YAOMH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2023-06-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-06-15]
CHR HKU\S-1-5-21-3957642251-2528715432-444061663-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-06-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-06-15]

Opera:
=======
OPR Profile: C:\Users\YAOMH1\AppData\Roaming\Opera Software\Opera Stable [2023-07-16]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Google Translate) - C:\Users\YAOMH1\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-07-04]
OPR Extension: (Cold Turkey Blocker) - C:\Users\YAOMH1\AppData\Roaming\Opera Software\Opera Stable\Extensions\efnolkfmdbinpkbnfigocgfglnhahldj [2023-06-13]
OPR Extension: (Rich Hints Agent) - C:\Users\YAOMH1\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-06-22]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\YAOMH1\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-06-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-04] (Adobe Inc. -> Adobe Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-02] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S4 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1063840 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S4 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [132040 2023-03-31] (Cold Turkey Software, Inc. -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4319632 2017-11-23] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R2 IDMWFP; C:\WINDOWS\system32\DRIVERS\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 MpKsl99618105; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4DE095-6EA3-4B18-948B-A0DDFF33B7C0}\MpKslDrv.sys [54568 2023-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [14000 2013-08-22] (WDKTestCert 1,130202426583431586 -> TOSHIBA)
R3 RSP2STOR; C:\WINDOWS\System32\drivers\RtsP2Stor.sys [329664 2018-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R1 SMR540; C:\WINDOWS\System32\drivers\SMR540.SYS [119048 2023-07-16] (NortonLifeLock Inc. -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows (R) Win 7 DDK provider)
R0 tosqual; C:\WINDOWS\System32\DRIVERS\tosqual.sys [13368 2015-01-15] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WinRing0_1_2_0; \??\C:\Users\YAOMH1\AppData\Local\Temp\tmp685E.tmp [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
