Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2019
Ran by win8.1 (administrator) on WINA (18-02-2019 11:23:07)
Running from C:\Users\win8.1\Desktop
Loaded Profiles: win8.1 (Available Profiles: win8.1)
Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2019-01-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26252472 2018-12-04] (Micro-Star INT'L CO., LTD.) [File not signed]
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262776 2018-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26112 2014-11-21] (Microsoft Corporation) [File not signed]
HKU\S-1-5-18\...\RunOnce: [{60E52861-6CF0-4358-8D81-280A69550355}] => C:\MSI\LiveUpdate\DL_FILE\Killer_Network_Drivers_(driver_only)_1.1.57.1125\Killer\Setup.exe [188876640 2016-01-28] (Rivet Networks)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-18] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCB41417-93C5-4F47-8A40-AFCCDE8ED6DC}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{F767E5D0-A32B-42BA-A68B-BE5D1711513C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1565744006-341084530-198036531-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-31] (Google Inc.)

Chrome:
=======
Error reading preferences. Please check "secure preferences" file for possible corruption. <==== ATTENTION
CHR Profile: C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default [2019-01-09]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [187904 2014-11-21] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [226304 2014-11-21] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-11-21] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2014-11-21] (Microsoft Corporation) [File not signed]
R2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2014-11-21] (Microsoft Corporation) [File not signed]
R3 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2014-11-21] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2014-11-21] (Microsoft Corporation) [File not signed]
R3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2014-11-21] (Microsoft Corporation) [File not signed]
S3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2014-11-21] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2014-11-21] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [367616 2014-11-21] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc.) [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [343016 2018-12-31] (Intel Corporation -> Intel Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [1084416 2014-11-21] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2014-11-21] (Microsoft Corporation) [File not signed]
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [521728 2014-11-21] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-11-21] (Microsoft Corporation) [File not signed]
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [1925816 2018-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2014-11-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe /V [64512 2014-11-21] (Microsoft Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-11-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 napagent; C:\Windows\system32\qagentRT.dll [446464 2014-11-21] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2014-11-21] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [391168 2014-11-21] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2014-11-21] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [2252800 2014-11-21] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [303104 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [183296 2014-11-21] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2014-11-21] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-11-21] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-11-21] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2014-11-21] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [31744 2014-11-21] (Microsoft Corporation) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2014-11-21] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2014-11-21] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2014-11-21] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [17920 2014-11-21] (Microsoft Corporation) [File not signed]
R3 svsvc; C:\Windows\system32\svsvc.dll [13312 2014-11-21] (Microsoft Corporation) [File not signed]
R3 swprv; C:\Windows\System32\swprv.dll [706048 2014-11-21] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [124416 2014-11-21] (Microsoft Corporation) [File not signed]
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2014-11-21] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [457728 2014-11-21] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [331776 2014-11-21] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [229376 2014-11-21] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [199168 2014-11-21] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2014-11-21] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2014-11-21] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-11-21] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [559104 2014-11-21] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-31] (Martin Malik - REALiX -> REALiX(tm))
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [File not signed]
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [1469952 2018-12-31] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [6400040 2019-01-09] () [File not signed]
R3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [480176 2018-12-31] () [File not signed]
R3 KillerEth; C:\Windows\system32\DRIVERS\e2xw8x64.sys [162456 2018-12-31] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-11-21] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-11-21] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [File not signed]
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2543760 2018-12-31] (MEDIATEK INC. -> MediaTek Inc.)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-11-21] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-11-21] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-21] (Microsoft Corporation) [File not signed]
R2 srv; C:\Windows\System32\DRIVERS\srv.sys [412160 2014-11-21] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-11-21] (Microsoft Corporation) [File not signed]
S3 storvsp; C:\Windows\System32\drivers\storvsp.sys [68608 2014-11-21] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316928 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Vid; C:\Windows\System32\drivers\Vid.sys [220672 2014-11-21] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmbusr; C:\Windows\System32\drivers\vmbusr.sys [129536 2014-11-21] (Microsoft Corporation) [File not signed]
S3 vpcivsp; C:\Windows\System32\drivers\vpcivsp.sys [65536 2014-11-21] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2013-08-22] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [36864 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-18 11:23 - 2019-02-18 11:23 - 000017622 _____ C:\Users\win8.1\Desktop\FRST.txt
2019-02-18 11:23 - 2019-02-18 11:23 - 000000000 ____D C:\FRST
2019-02-18 11:22 - 2019-02-17 16:15 - 002434560 _____ (Farbar) C:\Users\win8.1\Desktop\FRST64.exe

==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-18 11:22 - 2018-12-31 18:55 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-18 11:21 - 2018-12-31 18:52 - 000000000 __SHD C:\Users\win8.1\IntelGraphicsProfiles
2019-02-18 11:21 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2019-02-18 11:21 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.
LastRegBack: 2018-12-31 18:23

==================== End of FRST.txt ============================