FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Normal (administrator) on DESKTOP-117G5HU (TOSHIBA Satellite L655) (18-07-2019 00:33:42)
Running from C:\Users\Normal\Desktop
Loaded Profiles: Normal (Available Profiles: defaultuser0 & Normal)
Platform: Windows 10 Home Version 1607 14393.1715 (X64) Language: Español (España, internacional)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_181\bin\jp2launcher.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer Inc. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4034616 2019-02-11] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1504EFCF-6F84-4E13-9376-E2491A19D810} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {3C9C6041-DACF-439E-85C2-ED53EA3603F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-11] (Adobe Inc. -> Adobe)
Task: {3ECC4699-AA25-4A7B-B228-A6DA198A8C28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {449564CB-A0CE-4657-8328-5B2FBDFDF63E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {51B02C18-1DE2-471C-84CF-E6656417FFF2} - System32\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe
Task: {52E8B64D-8DE4-490B-A310-CF6FF3774FCD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-11] (Adobe Inc. -> Adobe)
Task: {59CD221F-9919-486F-95E6-C0C066F78C01} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [33280 2017-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {75C497B0-35D6-4C36-B079-F664044FDF69} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8572C331-9600-4060-AF7C-0F17ABE703D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9610545B-339E-4AB1-A590-741DA8F6F83E} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2393600599-662570708-1542540813-1001 => C:\Users\Normal\AppData\Local\MEGAsync\MEGAupdater.exe
Task: {96757DB7-9B8D-452A-A34F-6377A9CA4BC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A05E721E-98E1-4048-983E-94741C6D9B4C} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AC2899A5-3C0E-46C7-84A4-8574DC192086} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {ADCC00A7-C46C-4939-8E91-7318739E1E39} - System32\Tasks\{D9E7C655-6C3E-4848-936D-33A40A8BAC87} => C:\Windows\system32\pcalua.exe -a C:\Users\Normal\Downloads\Programs\chromium-4.0.205.0-(25021)_2.exe -d C:\Users\Normal\Downloads\Programs
Task: {BE3A9015-0B41-4061-9275-F75F530E6D52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D394F517-A837-4D8E-BA89-E0E5C6C87751} - System32\Tasks\Driver Booster SkipUAC (Normal) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: {DDC8D049-45FB-4607-A700-AE1F1D58A7FA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E050E9C1-7927-4BAF-B71C-E6487043B3C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE5A939F-9164-41C6-846D-CD581DDC8D81} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {FC6A82B1-8F80-4C93-B564-7CAED9814230} - System32\Tasks\Opera scheduled Autoupdate 1563229315 => C:\Users\Normal\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-11] (Opera Software AS -> Opera Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0}.job => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{4c57f94b-94e8-45c3-aab4-26c468c27cf8}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{d9b7a184-4d35-4f75-b6a0-b4ae58dac461}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DB1E6086-EF74-4B62-8D23-BFC915F7C19F}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_2_dg&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Edge:
======
Edge Extension: (IDM Integration Module) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-02-27]
FireFox:
========
FF HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Normal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Normal\AppData\Roaming\IDM\idmmzcc5 [2019-02-27] [Legacy] [not signed]
FF HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> C:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2393600599-662570708-1542540813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Normal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26984 2019-06-27] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-06-27] (IDSA Production signing key -> Intel)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2018-09-25] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2018-09-25] (Even Balance, Inc. -> )
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc. -> Razer Inc.)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
S2 KMSEmulator; temp.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd -> DT Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31816 2018-09-29] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-09-29] (Martin Malik - REALiX -> REALiX(tm))
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [162024 2018-09-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [22736 2015-05-28] (WDKTestCert 1,130752733198717037 -> TOSHIBA)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] (Intel Corporation -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45944 2018-09-29] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [352424 2018-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60584 2018-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [73672 2019-01-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S1 bafkwdyy; \??\C:\Windows\system32\drivers\bafkwdyy.sys [X]
S0 bootsafe; system32\drivers\bootsafe64_ev.sys [X]
S1 ckmyfrde; \??\C:\Windows\system32\drivers\ckmyfrde.sys [X]
S1 cwwrngng; \??\C:\Windows\system32\drivers\cwwrngng.sys [X]
S1 djsktwhu; \??\C:\Windows\system32\drivers\djsktwhu.sys [X]
S1 fergugjp; \??\C:\Windows\system32\drivers\fergugjp.sys [X]
S1 fsjdmqwg; \??\C:\Windows\system32\drivers\fsjdmqwg.sys [X]
S1 fvxicksk; \??\C:\Windows\system32\drivers\fvxicksk.sys [X]
S1 heyhyfoz; \??\C:\Windows\system32\drivers\heyhyfoz.sys [X]
S1 ihkebpsg; \??\C:\Windows\system32\drivers\ihkebpsg.sys [X]
S2 ksapi64; system32\drivers\ksapi64.sys [X]
S1 lxpsrkaf; \??\C:\Windows\system32\drivers\lxpsrkaf.sys [X]
S1 mubblxro; \??\C:\Windows\system32\drivers\mubblxro.sys [X]
S1 nggolwdv; \??\C:\Windows\system32\drivers\nggolwdv.sys [X]
S1 nmyrotat; \??\C:\Windows\system32\drivers\nmyrotat.sys [X]
S1 rjwfcbio; \??\C:\Windows\system32\drivers\rjwfcbio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: dg597 -> no filepath.
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-18 00:33 - 2019-07-18 00:35 - 000022126 _____ C:\Users\Normal\Desktop\FRST.txt
2019-07-18 00:32 - 2019-07-18 00:33 - 000000000 ____D C:\FRST
2019-07-18 00:23 - 2019-07-18 00:23 - 000012681 _____ C:\Users\Normal\Desktop\UsbFix_Report.txt
2019-07-18 00:21 - 2019-07-18 00:21 - 000001956 _____ C:\Users\Normal\Desktop\UsbFix Anti-Malware.lnk
2019-07-18 00:21 - 2019-07-18 00:21 - 000000000 ____D C:\Program Files (x86)\UsbFix
2019-07-18 00:19 - 2019-07-18 00:19 - 002095104 _____ (Farbar) C:\Users\Normal\Desktop\FRST64.exe
2019-07-17 23:38 - 2019-07-17 23:38 - 000002536 _____ C:\Users\Normal\Desktop\Informe.txt
2019-07-17 14:01 - 2019-07-17 14:01 - 000011436 _____ C:\Users\Normal\Desktop\ZHPCleaner (R).txt
2019-07-17 13:55 - 2019-07-17 13:55 - 000013500 _____ C:\Users\Normal\Desktop\ZHPCleaner (S).txt
2019-07-17 13:20 - 2019-07-17 13:20 - 000843444 _____ C:\Users\Normal\Desktop\cc_20190717_132000.reg
2019-07-17 13:11 - 2019-07-17 13:11 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-17 13:11 - 2019-07-17 13:11 - 000002890 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-07-17 13:11 - 2019-07-17 13:11 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-17 13:11 - 2019-07-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-17 13:11 - 2019-07-17 13:11 - 000000000 ____D C:\Program Files\CCleaner
2019-07-17 13:06 - 2019-07-17 13:06 - 000000000 ____D C:\Users\Normal\AppData\Local\mbam
2019-07-17 13:04 - 2019-07-17 13:04 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-17 13:04 - 2019-07-17 13:04 - 000000000 ____D C:\Users\Normal\AppData\Local\mbamtray
2019-07-17 13:04 - 2019-07-17 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-17 13:04 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-07-17 13:04 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-17 13:03 - 2019-07-17 13:26 - 000000000 ____D C:\AdwCleaner
2019-07-17 13:03 - 2019-07-17 13:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-17 13:03 - 2019-07-17 13:03 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-17 13:02 - 2019-07-17 14:14 - 000000921 _____ C:\Users\Normal\Desktop\ZHPCleaner.lnk
2019-07-17 13:02 - 2019-07-17 14:14 - 000000000 ____D C:\Users\Normal\AppData\Roaming\ZHP
2019-07-17 13:02 - 2019-07-17 13:02 - 000000000 ____D C:\Users\Normal\AppData\Local\ZHP
2019-07-17 13:01 - 2019-07-17 13:10 - 020891464 _____ (Piriform Software Ltd) C:\Users\Normal\Desktop\ccsetup560.exe
2019-07-17 02:12 - 2019-07-17 02:16 - 003069312 _____ (Nicolas Coolman) C:\Users\Normal\Desktop\ZHPCleaner.exe
2019-07-17 02:05 - 2019-07-17 02:07 - 007025360 _____ (Malwarebytes) C:\Users\Normal\Desktop\adwcleaner_7.3.exe
2019-07-17 01:31 - 2019-07-17 01:58 - 064580080 _____ (Malwarebytes ) C:\Users\Normal\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11577.exe
2019-07-16 23:59 - 2019-07-17 00:19 - 000000128 _____ C:\Users\Normal\Desktop\Save me.txt
2019-07-16 22:40 - 2019-07-16 22:40 - 000000085 _____ C:\Windows\wininit.ini
2019-07-15 18:42 - 2019-07-15 18:42 - 000003372 _____ C:\Windows\System32\Tasks\{D9E7C655-6C3E-4848-936D-33A40A8BAC87}
2019-07-15 18:21 - 2019-07-17 11:59 - 000004226 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1563229315
2019-07-15 18:21 - 2019-07-17 11:59 - 000001441 _____ C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-07-15 18:21 - 2019-07-15 18:21 - 000001441 _____ C:\Users\Normal\Desktop\Navegador Opera.lnk
2019-07-12 13:27 - 2019-07-12 13:27 - 000244616 _____ C:\Users\Normal\AppData\Roaming\Melem
2019-07-12 12:47 - 2019-07-12 12:47 - 000000000 ___HD C:\OneDriveTemp
2019-07-11 01:03 - 2019-07-11 01:03 - 004863032 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2019-07-10 18:55 - 2019-07-10 18:55 - 000000157 _____ C:\Users\Normal\Downloads\Cuenta (1).txt
2019-07-10 15:33 - 2019-07-10 15:33 - 000000000 ____D C:\Users\Normal\AppData\Local\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\ProgramData\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\Program Files (x86)\Razer
2019-07-09 22:31 - 2019-07-09 22:31 - 000000000 ____D C:\Users\Normal\AppData\Roaming\java
2019-07-07 16:04 - 2019-07-07 16:04 - 000000033 _____ C:\Users\Normal\ggpo-ng.ini
2019-07-04 01:26 - 2019-07-04 01:26 - 000362246 _____ C:\Users\Normal\AppData\Roaming\Pahenolefas
2019-06-28 14:53 - 2019-06-28 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-06-25 12:26 - 2019-06-25 12:26 - 000116667 _____ C:\Users\Normal\AppData\Roaming\Dokaraficu
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-18 00:34 - 2017-01-23 22:30 - 000004220 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A2E1DCFD-D0B0-4CA3-9CBE-8B955F66EC37}
2019-07-18 00:33 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\AppData\Roaming\DMCache
2019-07-18 00:19 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\AppData\Roaming\IDM
2019-07-17 23:44 - 2018-11-15 17:47 - 000000000 ____D C:\Windows\CbsTemp
2019-07-17 23:39 - 2019-01-22 18:15 - 000000000 ____D C:\Users\Normal\Desktop\llanero
2019-07-17 23:32 - 2017-01-07 00:47 - 000000000 ___RD C:\Users\Normal\OneDrive
2019-07-17 23:31 - 2017-01-07 01:58 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-17 23:28 - 2017-01-06 23:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-17 23:28 - 2017-01-06 23:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-17 23:26 - 2017-01-07 00:44 - 000000000 ____D C:\Users\Normal
2019-07-17 21:27 - 2017-06-11 21:14 - 000000000 ____D C:\Users\Normal\AppData\Local\Pokemon Showdown
2019-07-17 14:56 - 2019-05-12 00:25 - 000000000 ____D C:\ProgramData\{B7AA8B96-9F82-F3EE-C7DA-DBC62F32031E}
2019-07-17 14:56 - 2018-07-18 12:48 - 000000000 ____D C:\Users\Normal\AppData\Local\Baheb
2019-07-17 14:56 - 2018-06-26 13:17 - 000000000 ____D C:\Users\Normal\AppData\Local\Fobumud
2019-07-17 14:56 - 2017-03-12 15:12 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Kubapiboka
2019-07-17 14:23 - 2017-08-08 11:54 - 000000000 ____D C:\Users\Normal\AppData\Local\CrashDumps
2019-07-17 14:12 - 2019-05-26 09:00 - 000000000 ____D C:\Users\Normal\Desktop\VISA CHILENA
2019-07-17 14:05 - 2019-02-24 13:25 - 000000000 _RSHD C:\streamer
2019-07-17 14:04 - 2016-07-16 02:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-07-17 14:01 - 2017-03-25 09:42 - 000000000 ____D C:\Users\Normal\AppData\Local\Google
2019-07-17 13:26 - 2019-05-12 00:26 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Recodul
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Users\Normal\AppData\Roaming\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\ProgramData\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Program Files (x86)\IObit
2019-07-17 13:17 - 2017-09-16 23:11 - 000000000 ____D C:\Users\Normal\AppData\Roaming\DAEMON Tools Lite
2019-07-17 13:17 - 2017-01-07 08:00 - 000000000 ____D C:\Users\Normal\AppData\Roaming\uTorrent
2019-07-17 13:16 - 2016-07-16 07:45 - 000000000 ____D C:\Windows\INF
2019-07-17 13:04 - 2016-07-16 07:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-17 12:42 - 2017-01-07 01:48 - 000000000 ____D C:\Users\Normal\AppData\Roaming\vlc
2019-07-17 11:10 - 2018-09-29 12:09 - 000003042 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Normal)
2019-07-17 11:08 - 2016-07-16 02:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-07-17 11:04 - 2019-04-23 22:20 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-17 11:04 - 2019-02-26 14:14 - 000000000 ____D C:\Program Files\Recuva
2019-07-16 23:19 - 2017-01-07 04:06 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-16 22:40 - 2019-04-23 22:20 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-16 22:28 - 2017-01-07 01:38 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-16 20:36 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\AppReadiness
2019-07-16 00:58 - 2017-02-21 17:38 - 000000564 _____ C:\Users\Normal\AppData\Roaming\WB.CFG
2019-07-15 21:55 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\Norton
2019-07-15 21:41 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-07-15 18:22 - 2017-01-07 00:58 - 000000000 ____D C:\Users\Normal\AppData\Local\Opera Software
2019-07-15 17:30 - 2017-01-07 00:50 - 000000000 ____D C:\Program Files (x86)\Opera
2019-07-15 00:47 - 2018-02-15 14:11 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Psiphon3
2019-07-13 22:03 - 2018-04-17 14:08 - 000000000 ____D C:\Users\Normal\AppData\Local\tyranoscript
2019-07-13 18:46 - 2018-02-13 16:09 - 000000000 ____D C:\Users\Normal\Documents\MEGAsync Downloads
2019-07-12 15:55 - 2017-07-20 17:36 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2393600599-662570708-1542540813-1001
2019-07-12 15:55 - 2017-01-07 00:47 - 000002445 _____ C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 01:04 - 2017-03-25 09:01 - 000004628 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-11 01:03 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-11 01:03 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-10 20:39 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\Downloads\Compressed
2019-07-10 17:28 - 2019-02-25 18:36 - 000000000 ____D C:\Users\Normal\Downloads\3.0.6-PVP
2019-07-10 16:47 - 2017-09-22 11:25 - 000000000 ____D C:\Users\Normal\Documents\FeedbackHub
2019-07-10 16:42 - 2017-01-13 22:02 - 000000000 ____D C:\Users\Normal\Desktop\ZulaSetup
2019-07-10 15:57 - 2017-01-07 01:46 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-07-10 15:55 - 2017-01-07 01:46 - 000000000 ___HD C:\Windows\msdownld.tmp
2019-07-10 15:31 - 2018-09-29 12:08 - 000002383 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2019-07-06 23:41 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\Downloads\Video
2019-07-05 14:17 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\NDF
2019-06-28 14:54 - 2019-05-26 16:17 - 000002738 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-06-28 14:53 - 2017-01-06 23:54 - 000000000 ____D C:\Program Files (x86)\Intel
==================== Files in the root of some directories ================
2018-10-19 17:40 - 2018-10-16 19:38 - 000054572 _____ () C:\Users\Normal\AppData\Roaming\4_1_18.ico
2019-05-22 16:26 - 2019-05-22 16:26 - 000127497 _____ () C:\Users\Normal\AppData\Roaming\Bagokaticet
2019-06-25 12:26 - 2019-06-25 12:26 - 000116667 _____ () C:\Users\Normal\AppData\Roaming\Dokaraficu
2018-11-11 20:44 - 2018-11-15 14:00 - 000000021 _____ () C:\Users\Normal\AppData\Roaming\fixcfg.ini
2019-05-30 18:27 - 2019-05-30 18:27 - 000226987 _____ () C:\Users\Normal\AppData\Roaming\Gafel
2019-06-17 14:26 - 2019-06-17 14:26 - 000245517 _____ () C:\Users\Normal\AppData\Roaming\Harobis
2019-06-08 00:28 - 2019-06-08 00:28 - 000213226 _____ () C:\Users\Normal\AppData\Roaming\Hiroparako
2018-09-27 01:19 - 2018-09-29 12:52 - 000000025 _____ () C:\Users\Normal\AppData\Roaming\localcache.dat
2019-07-12 13:27 - 2019-07-12 13:27 - 000244616 _____ () C:\Users\Normal\AppData\Roaming\Melem
2019-07-04 01:26 - 2019-07-04 01:26 - 000362246 _____ () C:\Users\Normal\AppData\Roaming\Pahenolefas
2019-05-12 00:15 - 2019-05-12 00:15 - 000315508 _____ () C:\Users\Normal\AppData\Roaming\Puturosodab
2017-02-21 17:38 - 2019-07-16 00:58 - 000000564 _____ () C:\Users\Normal\AppData\Roaming\WB.CFG
2018-02-01 13:41 - 2018-02-01 13:41 - 000000052 _____ () C:\Users\Normal\AppData\Local\b5wqke8ztn
2017-09-24 04:04 - 2017-09-24 04:06 - 000003390 _____ () C:\Users\Normal\AppData\Local\icsys.icn
2018-09-27 01:18 - 2018-09-29 12:58 - 000000180 _____ () C:\Users\Normal\AppData\Local\masm71.dat
2018-07-24 23:21 - 2018-07-24 23:21 - 000007654 _____ () C:\Users\Normal\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-07-16 01:16
==================== End of FRST.txt ============================