Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019
Ran by galeo (administrator) on DESKTOP-VTBCMKI (ASUSTeK COMPUTER INC. K55VD) (15-07-2019 04:40:45)
Running from C:\Users\galeo\Desktop
Loaded Profiles: galeo (Available Profiles: galeo)
Platform: Windows 10 Pro Version 1903 18362.239 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\microsoft.people_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2016-03-14] (XPExplorer.com - 2016) [File not signed]
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Run: [Opera Browser Assistant] => C:\Users\galeo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2299928 2019-07-10] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2019-06-04]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Configurar RamDisk.lnk [2019-07-02]
ShortcutTarget: Configurar RamDisk.lnk -> C:\Program Files\ImDisk\RamDiskUI.exe () [File not signed]
Startup: C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar192.lnk [2019-07-11]
ShortcutTarget: Sidebar192.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar405.lnk [2019-07-11]
ShortcutTarget: Sidebar405.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0711579E-5D0F-4C5A-BD37-A30B8A647DAD} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {17C072B7-032B-40C7-A726-20532DAE1A2F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {22F53ED7-AC9D-47F1-9D76-3790B2E72523} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {30E66AF8-D3BB-41EE-B782-25FB4080B709} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {562D9E65-178E-4542-88CB-ECCBEF3F2AE4} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6587C753-B31A-4AF7-9557-1DEAB6FFFCD0} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {78C8452C-085A-405B-89DD-1B08D74FEC04} - System32\Tasks\USBChargerPlusUWP => C:\Program Files (x86)\ASUS\USB Charger Plus Service\StartupUSBChargerPlus.exe [150416 2018-07-04] (ASUSTeK Computer Inc. -> )
Task: {81CA7F1F-91FB-4A1F-BF6D-1D7205D09235} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {8D5F6776-11A9-4B45-BF6A-20714C10D12F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-12] (Google Inc -> Google LLC)
Task: {8F3BC0A0-DC8A-4EB9-83C0-508CEBC7FC95} - System32\Tasks\Opera scheduled assistant Autoupdate 1559673789 => C:\Users\galeo\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software)
Task: {9022D5BA-A880-4167-BCEB-1902F36226B0} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2019-07-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {A26EBAC9-EC9C-408A-BCFF-AC88BF66BE66} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {A94B6A4E-A954-46D4-B5BC-797D106B8668} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-12] (Google Inc -> Google LLC)
Task: {C6A54E2D-EFB0-47CE-9E6B-C955CBBD3596} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D53CABD9-386C-4786-99CA-8FC7AF244367} - System32\Tasks\Opera scheduled Autoupdate 1559673782 => C:\Users\galeo\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software)
Task: {D995D742-8270-44F4-B3A2-26FDC835371B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{919910fd-346d-4322-b1b4-00418f5db505}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{919910fd-346d-4322-b1b4-00418f5db505}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Internet Explorer:
==================
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-06-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\[email protected]_xpi
FF Extension: (iTube Studio) - C:\Program Files (x86)\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\[email protected]_xpi [2019-07-03] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.es/advanced_search
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/","hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default [2019-07-15]
CHR Extension: (Traductor de Google) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-07-11]
CHR Extension: (Simple Allow Copy) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefehdhdciieocakfobpaaolhipkcpgc [2019-07-14]
CHR Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2019-07-14]
CHR Extension: (Universal Bypass) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-07-14]
CHR Extension: (DuckDuckGo) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-07-14]
CHR Extension: (xXNurioXx) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpeohkfimdfogdnpcnokjkbpankkmil [2019-07-14]
CHR Extension: (I'm not robot captcha clicker) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc [2019-07-14]
CHR Extension: (Tampermonkey) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-07-14]
CHR Extension: (TSR Ad Skipper) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekenfibegpnbagmldepdeajhbgodbae [2019-07-14]
CHR Extension: (AdBlock) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-14]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2019-07-14]
CHR Extension: (Classic Blue) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-07-14]
CHR Extension: (Prompts by Story Wars) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndafjiogibbbdghmbijdgncijcloklod [2019-07-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-10]
CHR Extension: (AdFly Skipper) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2019-07-14]
CHR Extension: (Speedtest by Ookla) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2019-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-10]
CHR Extension: (RightToCopy) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2019-07-14]
CHR Profile: C:\Users\galeo\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-13]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
Opera:
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\galeo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-07-11]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10300120 2019-07-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40016 2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [316760 2019-05-19] (Intel(R) pGFX -> Intel Corporation)
S4 ImDiskRD; C:\Program Files\ImDisk\RamDiskUI.exe [66560 2019-04-07] () [File not signed]
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [31544 2018-11-19] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5773384 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 USBChargerService; C:\Program Files (x86)\ASUS\USB Charger Plus Service\USBChargerService.exe [120720 2018-07-04] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\ProgramData\iTube Studio\TransferProcess\DriverInstall.exe [94208 2018-10-10] (Wondershare) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 AiCharger; C:\WINDOWS\System32\DRIVERS\AiCharger.sys [31032 2018-07-04] (WDKTestCert Jie,131315143419111253 -> ASUSTek Computer Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [110544 2017-12-12] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4321160 2019-05-14] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2019-05-19] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [34232 2019-01-16] (ASUSTek Computer Inc. -> ASUS)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [75600 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [125568 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [91472 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [236672 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1093248 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197760 2019-07-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1168000 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58704 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [60536 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [60784 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50304 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [46416 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [104576 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [184960 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [218240 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2019-05-19] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1141744 2019-05-14] (Realtek Semiconductor Corp. -> Realtek )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [50832 2019-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [51352 2019-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47704 2019-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2019-05-19] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [367032 2019-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-10] (Microsoft Windows -> Microsoft Corporation)
R1 Win10Pcap; C:\WINDOWS\system32\DRIVERS\Win10Pcap.sys [50304 2015-10-07] (SoftEther Corporation -> Daiyuu Nobori, University of Tsukuba, Japan)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-11] (Zemana Ltd. -> Zemana Ltd.)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-15 04:40 - 2019-07-15 04:41 - 000030501 _____ C:\Users\galeo\Desktop\FRST.txt
2019-07-15 04:40 - 2019-07-15 04:40 - 000000000 ____D C:\FRST
2019-07-15 04:40 - 2019-07-15 04:38 - 002095104 _____ (Farbar) C:\Users\galeo\Desktop\FRST64.exe
2019-07-15 04:07 - 2019-07-15 04:07 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-14 20:58 - 2019-07-14 20:58 - 000000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-14 02:00 - 2019-07-14 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-WebMiner
2019-07-14 02:00 - 2019-07-14 02:00 - 000000000 ____D C:\Program Files (x86)\AntiWebMiner
2019-07-14 02:00 - 2019-07-14 00:11 - 000001025 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2019-07-14 01:45 - 2019-07-14 02:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-07-14 00:45 - 2019-07-14 01:09 - 000295656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-14 00:01 - 2019-07-15 04:34 - 000000000 ____D C:\Users\galeo\AppData\Roaming\ZHP
2019-07-14 00:01 - 2019-07-14 00:01 - 000000000 ____D C:\Users\galeo\AppData\Local\ZHP
2019-07-13 01:08 - 2019-07-13 01:08 - 000000000 ____D C:\Program Files\FolderPainter
2019-07-13 00:36 - 2019-07-13 00:36 - 000004096 ___SH C:\{397730BD-2520-4E63-8D90-5273178CDB52}.CBM
2019-07-12 21:26 - 2019-07-14 00:29 - 000002144 _____ C:\Users\galeo\Desktop\Windows10 DPI Fix.lnk
2019-07-12 21:26 - 2019-07-12 21:26 - 000000000 ____D C:\Program Files (x86)\XPE Windows 10 DPI Fix
2019-07-12 17:36 - 2019-07-12 17:36 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-12 17:36 - 2019-07-12 17:36 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-12 17:19 - 2019-07-12 17:19 - 000001422 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 11.5.lnk
2019-07-12 17:19 - 2019-07-12 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.5
2019-07-12 17:18 - 2019-07-01 16:09 - 000026192 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2019-07-12 16:53 - 2019-07-13 18:54 - 000000020 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-12 15:11 - 2019-07-13 00:42 - 000000000 ___RD C:\Users\galeo\Desktop\Alerta
2019-07-12 11:44 - 2019-07-12 11:44 - 000000000 ___RD C:\Users\galeo\Desktop\Folderico
2019-07-12 02:16 - 2019-07-12 11:03 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-11 21:05 - 2019-07-11 21:05 - 000000080 ___SH C:\bootTel.dat
2019-07-11 21:01 - 2019-07-11 21:01 - 000000000 ____D C:\Users\galeo\AppData\Local\AWL