Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020 Ran by gary_ (administrator) on LAPTOP-D7R02BVQ (TOSHIBA Satellite P55t-C) (13-06-2020 18:23:24) Running from C:\Users\gary_\Downloads Loaded Profiles: gary_ Platform: Windows 10 Home Version 1903 18362.836 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (AVAST Software s.r.o. -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.6.607.0\CCleanerBrowserCrashHandler.exe (AVAST Software s.r.o. -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.6.607.0\CCleanerBrowserCrashHandler64.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a9d116625f58b0a8\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a9d116625f58b0a8\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a9d116625f58b0a8\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe (Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (Intel(R) Software Development Products -> ) 
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe (Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (IS AppCloud Software) [File not signed] C:\Program Files (x86)\TOSHIBA\AppPlace\toshibaappplace.exe <4> (Kristjan Skutta -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, Inc. -> McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc. -> McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.ServiceHelper.exe (McAfee, Inc. -> McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McTkSchedulerService.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.1844\SSScheduler.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\gary_\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileCoAuth.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\gary_\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows 
Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe <5> (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe <2> (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe (WinZip Computing LLC -> WinZip Computing, S.L.) 
C:\Program Files\WinZip\FAHWindow64.exe (Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1922496 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (Corel Corporation -> WinZip) [File not signed] HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (Corel Corporation -> WinZip Computing, S.L.) HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing LLC -> WinZip Computing, S.L.) HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250712 2019-01-06] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.) 
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7916032 2020-06-09] (Dropbox, Inc -> Dropbox, Inc.) [File not signed] HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Arc\ArcLauncher.exe [445488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [238440 2020-05-27] (IDSA Production signing key -> Intel) HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: 
[NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [Discord] => C:\Users\gary_\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\gary_\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1136104 2020-05-29] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2578936 2020-02-16] (Kristjan Skutta -> ) HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32194448 2020-06-05] (Epic Games Inc. -> Epic Games, Inc.) 
HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4506304 2017-05-17] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoSetFolders] 0 
HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-369767717-942642580-508085590-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\81.1.4223.141\Installer\chrmstp.exe [2020-06-02] (Piriform Software Ltd -> Piriform Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-04] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\83.0.478.45\Installer\setup.exe [2020-06-06] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> 
C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-04-19] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-04-19] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2020-06-03] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1844\SSScheduler.exe (McAfee, LLC -> McAfee, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2019-01-06] ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) Startup: C:\Users\gary_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-26] ShortcutTarget: MEGAsync.lnk -> C:\Users\gary_\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {05C7DD53-A1E8-4232-9752-47CB225E0DB1} - System32\Tasks\IS AppCloud Software\App Place for Toshiba => C:\Program Files (x86)\Toshiba\AppPlace\toshibaappplace.exe [47142944 2016-06-08] (IS AppCloud Software) [File not signed] Task: {05E80FD0-1272-4E89-B96E-806DAD7D6A1B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {06A1FC64-E596-48A8-8828-6F0285A029A5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: {0B7439ED-CBF7-4188-8888-5C0078458996} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [206104 2020-03-22] (AVAST Software s.r.o. -> Piriform Software) Task: {10EE4416-F90A-466A-8739-53EF1897D122} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation) Task: {112761ED-7ED7-4DFF-AD7D-02201AB6C400} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [206104 2020-03-22] (AVAST Software s.r.o. 
-> Piriform Software) Task: {11E311AE-7B05-467D-AC58-DEC98717945F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {163DB39D-D451-4A34-808B-9FA5884843BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286096 2020-05-19] (Microsoft Corporation -> Microsoft Corporation) Task: {19E3195E-4338-4ACD-B3A8-98CD865FB1EB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [971656 2020-03-22] (Microsoft Corporation -> Microsoft Corporation) Task: {1B6176D5-C8EA-4647-B7BE-7B9AB00310E0} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation) Task: {1CF8AF11-75B1-4C41-B6A3-03A8C5B87509} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {20467A26-3A90-4AF7-AD51-277CA7D66A04} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) Task: {23797D25-CDAB-4402-9D01-CBB1E794F2A1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {287F477B-ED95-43A8-83AD-FE89EB63A7AA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4469000 2019-01-31] (McAfee, Inc. -> McAfee, Inc.) 
Task: {30A11789-1799-4A2E-857F-5CD981040D73} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) Task: {3251053F-2904-4E17-A8BD-0762887D7B08} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-19] (Adobe Inc. -> Adobe) Task: {32778C62-7036-4619-AC63-ADB16330B892} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [14320 2015-05-27] (DTS, Inc. -> ) Task: {33EB9F40-8EB5-4BB8-A4E0-9634F69A6FFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) Task: {45B4BB5F-1D1A-41CC-862B-D0CF48C48FC7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [971656 2020-03-22] (Microsoft Corporation -> Microsoft Corporation) Task: {4624D496-E143-4FB3-B64A-0F46ECC51BAF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {47A3ED6A-366D-4BA3-89D5-58626F302E8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.) Task: {4AD9867C-52D4-4A1D-BA38-B2E66961870C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-20] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {5BE5BC22-F50D-4FD3-963F-6A828453CE00} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) Task: {5C74256B-A512-4FD7-980F-855B7149A731} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-06-04] (Microsoft Corporation -> Microsoft Corporation) Task: {652084E9-6085-4E35-8025-620D75AF412E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-19] (Adobe Inc. -> Adobe) Task: {69B9C631-96D2-47D9-89B4-140163A0D05A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation) Task: {6D43A56C-C03D-4C5E-ADC3-6AB3FB399C60} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-369767717-942642580-508085590-1001 => C:\Users\gary_\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2020-03-18] (Mega Limited -> Mega Limited) Task: {74DA756C-D2DA-40CD-9F1E-48599937BF3E} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (Corel Corporation -> WinZip) [File not signed] Task: {79D04C7D-B048-4E89-B7D7-1F0F9C61761A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.) 
Task: {7B69B4FE-A925-4365-9CEF-99FB7A8D0F2B} - System32\Tasks\IS AppCloud Software\App Place for Toshiba-Reminder => C:\Program Files (x86)\Toshiba\AppPlace\toshibaappplace.exe [47142944 2016-06-08] (IS AppCloud Software) [File not signed] Task: {7E15D45A-9F21-4A75-AAC5-C535EB25D7B3} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2019736 2020-05-11] (Piriform Software Ltd -> Piriform Software) Task: {80528D66-15EB-4978-911B-AEDEEDA453B7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8C141472-C74E-4250-8D93-AB17401CF4E3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: {8C383ADC-7631-47CF-B82B-3C3E183A26CC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe Task: {935576B2-78C9-41D8-8AB7-A185EC621B22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. 
-> Adobe Systems) Task: {9E7C77C9-AAE4-415E-B898-44E3E9A2BAE2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A9404B78-1E90-4121-A2A8-042CFC3F38C9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {AC462B01-693A-43E2-8E41-18B5AD9A7529} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-06-04] (Microsoft Corporation -> Microsoft Corporation) Task: {BD07B861-0EC2-4FEB-8F2A-31FB96261B61} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [135504 2015-07-08] (TOSHIBA CORPORATION -> Toshiba Corporation) Task: {C7F14A52-6D31-4125-9525-9E8E31E4F215} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation) Task: {CC30675E-4348-4077-9B2C-876A864959E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286096 2020-05-19] (Microsoft Corporation -> Microsoft Corporation) Task: {D89496AD-2FCA-4D0D-A47F-A1E1B9A4C038} - System32\Tasks\Driver Booster SkipUAC (gary_) => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe [6074128 2018-07-06] (IObit Information Technology -> IObit) Task: {E580A1D7-A3C1-478C-9873-642B653330EB} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2019736 2020-05-11] (Piriform Software Ltd -> Piriform Software) Task: {EEBE6043-FD7C-4962-A33F-64AA6C09A950} - System32\Tasks\BlueStacksHelper => 
C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [747016 2020-06-02] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {F08AC8A0-5C79-47F3-83B4-28AAF27B4285} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F4918F2A-B3DA-464F-9556-55579C18649F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-20] (Dropbox, Inc -> Dropbox, Inc.) Task: {FE0E7BCD-24E1-4750-9E16-71EF555C5FE0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54 Tcpip\..\Interfaces\{65ce82dc-e0f7-4ae9-af66-53c80d0e4cb3}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54 Tcpip\..\Interfaces\{6d95562f-645e-4000-9e91-1b86d54c3fca}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-369767717-942642580-508085590-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE HKU\S-1-5-21-369767717-942642580-508085590-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H16C1 SearchScopes: HKLM -> DefaultScope {61275CAF-F619-42F8-812A-7F530A7F7DEC} URL = SearchScopes: HKLM-x32 -> DefaultScope {61275CAF-F619-42F8-812A-7F530A7F7DEC} URL = SearchScopes: HKU\S-1-5-21-369767717-942642580-508085590-1001 -> DefaultScope {61275CAF-F619-42F8-812A-7F530A7F7DEC} URL = SearchScopes: HKU\S-1-5-21-369767717-942642580-508085590-1001 -> {0044E731-F8D9-4FC3-8AEF-607283F3A42F} URL = hxxps://pe.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2020-03-22] (Microsoft Corporation -> Microsoft Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-08-22] (McAfee, LLC -> McAfee, Inc.) 
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2020-05-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2020-03-21] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-08-22] (McAfee, LLC -> McAfee, Inc.) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2020-05-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-31] (Oracle America, Inc. 
-> Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security) Toolbar: HKU\S-1-5-21-369767717-942642580-508085590-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File Edge: ====== Edge Profile: C:\Users\gary_\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-12] Edge HomePage: Default -> hxxps://web-start-page.com/?s=toshibaupd&m=home&brw=ch FireFox: ======== FF DefaultProfile: 0rnmugtd.default FF ProfilePath: C:\Users\gary_\AppData\Roaming\Mozilla\Firefox\Profiles\0rnmugtd.default [2020-06-13] FF Homepage: Mozilla\Firefox\Profiles\0rnmugtd.default -> 
hxxps://links.malwarebytes.com/link/restorebrowser?lic=trial&product=MBAM-Cdmontlsfs_18_05&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dpe%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzytD0EyDzztCyCtD0EzztAtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtCyCtFtDtFyDzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyDtCtDyE0BtC0BtGyB0B0ByBtGtC0E0EtAtGtB0EyC0BtGtDtD0EtAtA0B0A0CzyyEyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Rzy1PyDyC1QzzzytGzzzzyCzztGyEyBtAtBtGzz1R1TtBtG1Q1TyDtB1Qzz1P1QtD1O1RyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzzzyzytN1Q2Z1B1P1RzutCyDtCyByDzyyDzzyDyB%26cr%3D549239080%26a%3Dwny_dmontlsfs_18_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome FF NewTab: Mozilla\Firefox\Profiles\0rnmugtd.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_72b5c17f_1201_1403_20161024_PE_ff_nt_ FF NewTabOverride: Mozilla\Firefox\Profiles\0rnmugtd.default -> Enabled: jid1-16aeif9OQIRKxA@jetpack FF Extension: (MEGA) - C:\Users\gary_\AppData\Roaming\Mozilla\Firefox\Profiles\0rnmugtd.default\Extensions\firefox@mega.co.nz.xpi [2018-02-10] [UpdateUrl:hxxps://eu.static.mega.co.nz/3/firefox-web-extension-updates.json] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-08-22] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-19] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-19] (Adobe Inc. 
-> ) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-08-27] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File] FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.6.607.0\npCCleanerBrowserUpdate3.dll [2020-03-22] (AVAST Software s.r.o. -> Piriform Software) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.6.607.0\npCCleanerBrowserUpdate3.dll [2020-03-22] (AVAST Software s.r.o. 
-> Piriform Software) FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default [2020-06-13] CHR HomePage: Default -> hxxps://web-start-page.com/?s=toshibaupd&m=home&brw=ch CHR StartupUrls: Default -> "hxxps://web-start-page.com/?s=toshibaupd&m=start&brw=ch" CHR Extension: (Google Drive) - C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (YouTube) - C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30] CHR Extension: (Gmail) - C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28] CHR Extension: (Chrome Media Router) - C:\Users\gary_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27] CHR Profile: C:\Users\gary_\AppData\Local\Google\Chrome\User 
Data\System Profile [2020-06-12] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-12-12] (BattlEye Innovations e.K. -> ) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-08-11] (BitRaider LLC -> BitRaider, LLC) S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [206104 2020-03-22] (AVAST Software s.r.o. -> Piriform Software) S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\81.1.4223.141\elevation_service.exe [1106528 2020-05-11] (Piriform Software Ltd -> Piriform Software) S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [206104 2020-03-22] (AVAST Software s.r.o. -> Piriform Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052120 2020-03-22] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-20] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-20] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-06-09] (Dropbox, Inc -> Dropbox, Inc.) 
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1841344 2017-05-17] (Disc Soft Ltd -> Disc Soft Ltd) R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37736 2020-05-27] (IDSA Production signing key -> Intel) R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [154472 2020-05-27] (IDSA Production signing key -> Intel) S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] (DTS, Inc. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-02-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-06-04] (Microsoft Corporation -> Microsoft Corporation) S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-06-04] (Microsoft Corporation -> Microsoft Corporation) R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [941368 2020-03-10] (Intel(R) Software Development Products -> ) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) 
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation) S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-12] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905472 2019-08-22] (McAfee, LLC -> McAfee, Inc.) 
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.1844\McCHSvc.exe [408192 2020-05-21] (McAfee, LLC -> McAfee, LLC) S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\83.0.478.45\elevation_service.exe [1507208 2020-06-06] (Microsoft Corporation -> Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [311584 2019-02-28] (Intel Corporation -> ) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464456 2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> ) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-09] (Rockstar Games, Inc. -> Rockstar Games) R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250712 2019-01-06] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [208696 2020-03-10] (Intel(R) Software Development Products -> ) R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [330032 2015-11-20] (TOSHIBA CORPORATION -> TOSHIBA) R2 TrueKey; C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.) R2 TrueKeyScheduler; C:\Program Files\mcafee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.) 
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.) S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-03-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [941368 2020-03-10] (Intel(R) Software Development Products -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-05-31] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-05-31] (Microsoft Windows Publisher -> Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4110624 2019-02-28] (Intel Corporation -> Intel® Corporation) R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin" S2 WinZip Compression Smart Monitor Service; "C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2018-08-11] (BitRaider -> BitRaider) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-01-09] (Bluestack Systems, Inc. -> Bluestack System Inc.) 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-10] (Microsoft Corporation) [File not signed] S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2020-06-12] (CPUID -> CPUID) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-02-02] (Disc Soft Ltd -> Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-02-02] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2019-10-23] (Disc Soft Ltd -> Disc Soft Ltd) S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31816 2018-08-31] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-08-31] (Martin Malik - REALiX -> REALiX(tm)) S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [52128 2013-11-26] (Visicom Media Inc. -> Visicom Media Inc.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-12] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-06-12] (Malwarebytes Inc -> Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-12] (Malwarebytes Inc -> Malwarebytes) S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.) 
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-03-11] (SoftEther Corporation -> SoftEther Corporation) S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3629008 2019-02-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_e77181c117d0dee7\nvlddmkm.sys [17538088 2018-06-07] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-05-19] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation) R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [14000 2015-05-05] (WDKTestCert 1,130752733198717037 -> TOSHIBA) R3 RSP2STOR; C:\WINDOWS\System32\drivers\RtsP2Stor.sys [347704 2020-02-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2003-09-12] () [File not signed] R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [50624 2019-01-06] (SoftEther Corporation -> SoftEther Corporation) R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2020-03-10] (Intel Corporation -> ) R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [56840 2019-03-05] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> ) S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-02-17] (AnchorFree Inc -> Anchorfree Inc.) 
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45944 2018-08-31] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [401120 2020-05-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-05-31] (Microsoft Windows -> Microsoft Corporation) S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2018-03-11] (Nemea Mjukvaruutveckling AB -> Basil Projects) S3 xhunter1; C:\WINDOWS\xhunter1.sys [2719256 2020-03-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-06-13 18:23 - 2020-06-13 18:27 - 000053726 _____ C:\Users\gary_\Downloads\FRST.txt 2020-06-13 18:17 - 2020-06-13 18:26 - 000000000 ____D C:\FRST 2020-06-13 18:17 - 2020-06-13 18:17 - 002289152 _____ (Farbar) C:\Users\gary_\Downloads\FRST64.exe 2020-06-13 18:12 - 2020-06-13 18:12 - 009181353 _____ C:\Users\gary_\Downloads\Manual 2019 03 Comportamiento Organizacional (2306)(1).pdf 2020-06-13 18:07 - 2020-06-13 18:07 - 001475141 _____ C:\Users\gary_\Downloads\Fwd__Silabos_de_3_ciclo.zip 2020-06-13 10:41 - 2020-06-13 10:41 - 000015893 _____ C:\Users\gary_\Desktop\MBT.txt 2020-06-13 10:31 - 2020-06-12 12:56 - 000008328 _____ C:\Users\gary_\Desktop\AdwCleaner[C00].txt 2020-06-13 10:31 - 2020-06-12 12:53 - 000016030 _____ C:\Users\gary_\Desktop\AdwCleaner[S00].txt 2020-06-13 00:16 - 2020-06-13 00:17 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-06-13 00:16 - 2020-06-13 00:17 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-06-12 13:00 - 2020-06-12 13:00 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2020-06-12 12:51 - 2020-06-12 12:55 - 000000000 ____D C:\AdwCleaner 2020-06-12 12:50 - 2020-06-12 12:51 - 008402608 _____ (Malwarebytes) C:\Users\gary_\Downloads\adwcleaner_8.0.5.exe 2020-06-12 11:42 - 2020-06-12 11:42 - 000000000 ____D C:\Users\gary_\AppData\Local\mbam 2020-06-12 11:41 - 2020-06-12 11:41 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-06-12 11:41 - 2020-06-12 11:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-06-12 11:41 - 2020-06-12 11:41 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-06-12 11:41 - 2020-06-12 11:41 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-06-12 11:41 - 2020-06-12 11:41 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-06-12 11:40 - 2020-06-12 11:39 - 000153312 _____ (Malwarebytes) 
C:\WINDOWS\system32\Drivers\mbae64.sys 2020-06-12 11:40 - 2020-06-12 11:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-06-12 11:39 - 2020-06-12 11:39 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-06-12 11:38 - 2020-06-12 11:38 - 000000000 ____D C:\Program Files\Malwarebytes 2020-06-12 11:37 - 2020-06-12 11:37 - 001928352 _____ (Malwarebytes) C:\Users\gary_\Downloads\MBSetup-0009996.0009996-consumer.exe 2020-06-11 21:25 - 2020-06-11 21:25 - 000118446 _____ C:\Users\gary_\Downloads\Plan de Estudios.pdf 2020-06-10 17:04 - 2020-06-10 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-06-10 14:27 - 2020-06-10 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager 2020-06-10 14:09 - 2020-06-07 13:43 - 000000000 ____D C:\Users\gary_\Downloads\Mods - Oblivion 2020-06-10 13:04 - 2020-06-10 13:09 - 2853078111 _____ C:\Users\gary_\Downloads\Mods - Oblivion Overhaul.rar 2020-06-10 13:03 - 2020-06-10 13:03 - 000000221 _____ C:\Users\gary_\Desktop\The Elder Scrolls IV Oblivion.url 2020-06-09 13:58 - 2020-06-09 13:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2020-06-09 13:58 - 2020-06-09 13:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2020-06-09 13:58 - 2020-06-09 13:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2020-06-09 13:58 - 2020-06-09 13:58 - 000044552 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\DbxSvc.exe 2020-06-08 19:10 - 2020-06-08 19:10 - 000198820 _____ C:\Users\gary_\Downloads\Tarea2_Qary Núñez.pdf 2020-06-04 10:40 - 2020-06-06 14:13 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-06-04 10:40 - 2020-06-06 14:13 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-06-04 10:40 - 2020-06-06 14:13 - 000002287 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-06-04 10:40 - 2020-06-04 11:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-06-04 10:40 - 2020-06-04 11:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-06-04 01:45 - 2020-06-04 01:45 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt 2020-06-03 08:55 - 2020-06-03 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2020-06-03 08:54 - 2020-06-10 17:05 - 000000000 ____D C:\ProgramData\McAfee Security Scan 2020-06-02 00:10 - 2020-06-02 00:10 - 000924045 _____ C:\Users\gary_\Downloads\Presentation1.pptx 2020-05-31 14:31 - 2020-05-31 14:31 - 000001547 _____ C:\Users\gary_\Downloads\proyecto.txt 2020-05-26 03:31 - 2020-05-26 03:31 - 000000393 _____ C:\Users\gary_\Downloads\frase de quaniire.txt 2020-05-22 19:26 - 2020-05-22 19:26 - 001385626 _____ C:\Users\gary_\Downloads\VID-20200517-WA0113.mp4 2020-05-22 16:21 - 2020-05-22 16:21 - 001155292 _____ C:\Users\gary_\Downloads\TAREA RM 1º y 2º sec. 
Promedios.pdf 2020-05-21 11:28 - 2020-05-21 11:28 - 000260137 _____ C:\Users\gary_\Downloads\Ayleidoon Regular Font-88616-1-0.zip 2020-05-21 00:08 - 2020-05-21 00:08 - 000029782 _____ C:\Users\gary_\Downloads\Tarea1_Qary Núñez.pdf 2020-05-20 10:37 - 2020-06-03 08:55 - 000002029 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2020-05-20 10:37 - 2020-06-03 08:55 - 000002029 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk 2020-05-18 22:37 - 2020-06-01 22:24 - 000190444 _____ C:\Users\gary_\Downloads\ejercicio de laboratorio Número 5.pptx 2020-05-15 17:28 - 2020-05-15 17:28 - 000588390 _____ C:\Users\gary_\Downloads\D4KN_Evaluación_1_Nuñez Qary.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-06-13 18:26 - 2016-05-06 20:25 - 001388432 _____ C:\Users\Public\VOIP.dat 2020-06-13 18:13 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-06-13 18:06 - 2017-01-18 19:25 - 000000000 ____D C:\Program Files (x86)\Steam 2020-06-13 17:19 - 2019-09-05 18:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-06-13 14:44 - 2016-08-01 19:07 - 000000000 ____D C:\Users\gary_\AppData\Roaming\discord 2020-06-13 12:43 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-06-13 10:54 - 2016-05-06 19:36 - 000000000 ____D C:\Users\gary_\AppData\Local\App Place for Toshiba 2020-06-13 10:29 - 2016-06-16 20:46 - 000000000 ____D C:\Users\gary_\AppData\Local\Battle.net 2020-06-13 10:27 - 2019-04-03 13:36 - 000000000 ____D C:\Program Files (x86)\Arc 2020-06-13 10:16 - 2016-05-06 19:33 - 000000000 __SHD C:\Users\gary_\IntelGraphicsProfiles 2020-06-13 01:30 - 2016-10-15 19:06 - 000000000 ____D C:\ProgramData\NVIDIA 2020-06-13 01:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-06-13 01:23 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-06-12 13:29 - 2019-10-23 20:43 - 000000000 ____D 
C:\Users\gary_\AppData\Roaming\DAEMON Tools Pro 2020-06-12 13:29 - 2016-05-28 17:49 - 000000000 ____D C:\Users\gary_\AppData\Roaming\DAEMON Tools Lite 2020-06-12 13:29 - 2016-05-06 23:29 - 000000000 ____D C:\Users\gary_\AppData\Roaming\uTorrent 2020-06-12 13:28 - 2020-04-17 12:20 - 000000000 ____D C:\WINDOWS\Minidump 2020-06-12 13:28 - 2019-08-21 12:53 - 000000000 ___DC C:\WINDOWS\Panther 2020-06-12 13:28 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-06-12 13:28 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF 2020-06-12 13:28 - 2017-02-11 17:49 - 000000000 ____D C:\Users\gary_\AppData\Local\CrashDumps 2020-06-12 13:28 - 2016-06-16 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2020-06-12 13:01 - 2019-01-06 18:43 - 000000000 ____D C:\Program Files\SoftEther VPN Client 2020-06-12 12:58 - 2019-09-05 19:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-06-12 12:57 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-06-12 12:55 - 2018-08-31 22:55 - 000000000 ____D C:\Users\gary_\AppData\LocalLow\IObit 2020-06-12 12:55 - 2018-08-31 22:55 - 000000000 ____D C:\Program Files (x86)\IObit 2020-06-12 12:55 - 2018-08-31 22:54 - 000000000 ____D C:\Users\gary_\AppData\Roaming\IObit 2020-06-12 12:55 - 2018-08-31 22:54 - 000000000 ____D C:\ProgramData\IObit 2020-06-12 12:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2020-06-12 12:55 - 2018-03-29 18:06 - 000000000 ____D C:\Program Files\WinZip 2020-06-12 12:55 - 2016-10-02 18:26 - 000000000 ____D C:\Program Files (x86)\Yahoo! 
2020-06-12 12:35 - 2019-09-05 19:46 - 000003038 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (gary_) 2020-06-12 12:23 - 2019-09-05 19:10 - 000000000 ____D C:\Users\gary_ 2020-06-12 12:21 - 2019-10-23 20:43 - 000000000 ____D C:\Program Files\DAEMON Tools Pro 2020-06-12 12:21 - 2017-03-09 00:50 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1 2020-06-12 11:40 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-06-11 22:34 - 2018-04-07 01:00 - 000000000 ____D C:\Users\gary_\OneDrive\Documents\Cibertec 2020-06-11 10:46 - 2018-08-31 22:55 - 000000000 ____D C:\ProgramData\ProductData 2020-06-10 21:14 - 2018-08-12 16:12 - 000001100 _____ C:\Users\gary_\OneDrive\Documents\omelet.txt 2020-06-10 17:05 - 2016-02-22 08:36 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-06-10 15:50 - 2016-06-01 22:12 - 000000000 ____D C:\Users\gary_\OneDrive\Documents\Nexus Mod Manager 2020-06-10 13:03 - 2017-01-18 19:56 - 000000000 ____D C:\Users\gary_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2020-06-10 12:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-06-10 12:29 - 2016-07-26 08:36 - 000000000 ____D C:\Users\gary_\OneDrive\Documents\MEGAsync Downloads 2020-06-09 19:36 - 2019-10-25 18:03 - 000000000 ____D C:\Users\gary_\BrawlhallaReplays 2020-06-09 14:18 - 2019-09-05 19:46 - 000003946 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper 2020-06-08 19:10 - 2017-12-01 16:25 - 000000000 ____D C:\Users\gary_\AppData\Local\Packages 2020-06-06 20:41 - 2019-09-05 19:46 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-06-05 16:03 - 2020-02-20 11:14 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-06-05 16:03 - 2020-02-20 11:14 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-06-05 14:09 - 2020-02-17 12:32 - 000000000 ____D C:\Users\gary_\AppData\Roaming\.minecraft 2020-06-04 16:40 - 2016-12-28 23:10 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Chrome.lnk 2020-06-03 11:58 - 2017-08-20 16:39 - 000000000 ____D C:\Users\gary_\.junique 2020-06-03 08:55 - 2016-05-07 10:09 - 000000000 ____D C:\Program Files\McAfee Security Scan 2020-06-02 15:22 - 2016-06-27 21:30 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-06-02 14:17 - 2019-08-21 18:25 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher 2020-06-02 13:42 - 2019-09-05 19:24 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-06-02 12:16 - 2020-03-22 23:02 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk 2020-06-02 12:16 - 2020-03-22 22:59 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser 2020-05-31 20:15 - 2018-05-11 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-05-31 20:05 - 2019-10-25 23:41 - 000001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk 2020-05-31 20:05 - 2017-08-06 23:21 - 000000000 ____D C:\Program Files (x86)\Intel 2020-05-31 20:05 - 2016-02-22 07:27 - 000000000 ____D C:\ProgramData\Package Cache 2020-05-30 11:11 - 2017-07-06 21:35 - 000000000 ____D C:\Program Files\UNP 2020-05-29 14:13 - 2019-09-05 19:10 - 000002370 _____ C:\Users\gary_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-05-29 14:13 - 2016-05-06 19:40 - 000000000 ___RD C:\Users\gary_\OneDrive 2020-05-29 13:34 - 2019-02-23 14:20 - 000000000 ____D C:\Program Files (x86)\Battle.net 2020-05-22 17:27 - 2017-11-13 21:20 - 000000000 ____D C:\Users\gary_\AppData\Roaming\WhatsApp 2020-05-22 16:16 - 2017-11-13 21:20 - 000000000 ____D C:\Users\gary_\AppData\Local\WhatsApp 2020-05-19 19:30 - 2016-08-27 18:45 - 000000000 ____D C:\Program Files\Microsoft Office 15 2020-05-19 11:22 - 2020-03-22 23:02 - 000003842 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly) 2020-05-19 11:22 - 2020-03-22 23:02 - 000003258 _____ 
C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon) ==================== Files in the root of some directories ======== 2016-05-06 20:25 - 2020-06-13 18:26 - 001388432 _____ () C:\Users\Public\VOIP.dat 2017-04-19 16:57 - 2017-04-19 16:57 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe 2017-08-17 21:49 - 2017-08-17 21:49 - 000057542 _____ () C:\Users\gary_\AppData\Roaming\DMGR_0V1L2Z2Z1T1I1L1T1V0BtJ1V0A0V0A0S0T.txt 2016-08-06 22:27 - 2019-09-03 13:29 - 000000132 _____ () C:\Users\gary_\AppData\Roaming\Prefs. de formato PNG de Adobe CS6 2019-06-20 17:52 - 2019-06-20 17:52 - 000000266 _____ () C:\Users\gary_\AppData\Local\digi.me-Internal-Helper.log 2017-12-06 19:14 - 2017-12-06 19:14 - 000000736 _____ () C:\Users\gary_\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================