Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2019
Ran by ADAY (administrator) on ADAYDOMINATOR (Micro-Star International Co., Ltd. GT72 2QE) (23-09-2019 13:24:15)
Running from C:\Users\ADAY\Desktop
Loaded Profiles: ADAY (Available Profiles: ADAY)
Platform: Windows 8.1 (Update) (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp. -> cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel(R) Software -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v3.5\mscorsv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\SCM\MSIService.exe
(MSI) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Qualcomm Atheros) [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(SteelSeries ApS) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-03-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [406528 2015-01-19] (MSI) [File not signed]
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857200 2015-03-17] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3197296 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (CyberLink Corp. -> cyberlink)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS) [File not signed]
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [Steam] => D:\Juegos Instalados\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-08-04] (Tonec Inc. -> Tonec Inc.) [File not signed]
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3115792 2019-08-29] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [GoogleChromeAutoLaunch_366279037A1BD2BB4DC60532267AE0F4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1678832 2019-08-23] (Google LLC -> Google LLC)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7610952 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Run: [AvastBrowserAutoLaunch_2B07C3E4105FCA77F8C5BB5C040F4118] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\MountPoints2: {7d9a882d-4866-11e5-8267-806e6f6e6963} - "G:\setup.exe"
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\MountPoints2: {d8e17c42-f1f0-11e7-82e2-d8cb8a7de445} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\MountPoints2: {e7bf52ae-63b9-11e9-82ff-d8cb8a7de445} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\MountPoints2: {e7ccc755-be5d-11e8-82f7-d8cb8a7de445} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\MountPoints2: {f10f46b8-2f28-11e8-82e6-d8cb8a7de445} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\65.0.405.162\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\76.0.1632.101\Installer\chrmstp.exe [2019-09-23] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\Users\ADAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-07-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADAY\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-05-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{31C18D58-459B-467C-B103-1B42DFD74494}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Qualcomm Atheros, Inc. -> Flexera Software LLC)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CD0087-90EF-4AB1-8BF1-F13BDCDB6528} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2059272 2015-07-27] (Symantec Corporation -> Symantec Corporation)
Task: {0FD572CB-845F-49E0-BB81-FAC0D0EC99F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {1E8A93DF-460E-4BC7-9859-69BBF303AA42} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {222F7CC4-569F-4A38-BDF8-6D09186BE3AE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857568 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35A352C7-FC90-4B4F-8AE5-0291DB1C5B66} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [655328 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3AA7B6A0-6BD7-4D5A-91AE-B8ED0AC1D714} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {443A0D5C-2CA8-42B2-9CF6-931903BD26BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3298272 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {45ECA97F-C711-49A6-9B4A-3AC8171900AD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935392 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46D5C9C3-3EBD-439A-8640-8093238A1B7F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {4EFB2811-FD9F-48E0-89BC-A2538B57A23D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [983008 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5508D8E6-96D0-4411-B4B6-67F79F0DC059} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935392 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {574F2A51-FFEC-4AC0-A35F-994A7F5BA4A0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857200 2015-03-17] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {58BCA27E-8429-4FF2-A357-E62675FC3204} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {6B016513-0E0E-4EE8-A4BC-4EE3830F11A9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {6DBA605B-9D6A-4E44-BBF1-E93C87412057} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {6FCF74BD-4FA4-4CD6-8381-6DD85F7E571F} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1286840 2015-05-05] (Intel(R) Software -> Intel Corporation)
Task: {74C42F38-7A77-4EB4-9BC4-12871DFFFCE0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {834A3D1C-9A5A-4758-93E3-56D2ED64CCDC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {89E54886-8B37-423A-B1E0-0887C9AE2B09} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {8D0211AC-36FF-4228-86DF-86DF43A2A9FF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8F9CB81E-C8F5-4368-B36F-17CC367FA9F4} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {947E883F-C77F-4EF6-8105-ACEF537009B6} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1157891685-1263528733-739446543-1001 => C:\Users\ADAY\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-23] (Mega Limited -> Mega Limited)
Task: {94C3A01D-D17E-4D74-9BB5-293051B02B81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {978D9494-04E1-4B15-8336-E49203A513FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857568 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CFEB8BD7-D240-453E-87BD-C440C04EB668} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935392 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1C4E654-E159-42AA-BC7E-43C490E331A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {F4DF57B4-2D4D-408A-923D-58656EF80075} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935392 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F75195F3-E5B3-41DB-A19F-EA7F3E216FEB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {F83D374C-6627-42DB-96BF-E1A669DC079D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {FE6ED80B-68CF-4D0E-99C6-02ED3DE88A51} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [1680520 2014-01-23] (MICRO-STAR INTERNATIONAL CO., LTD -> TODO: <公司名稱>) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{11467045-9BDC-4534-86F6-BD98176C9374}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{2FB05F09-093E-4B29-AF3A-95AF4F5C0284}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{89BA23BB-4E0B-418F-8B1E-8094A62BDF08}: [DhcpNameServer] 212.40.224.73 62.42.230.24

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1157891685-1263528733-739446543-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {4FD88B58-B6FE-46EB-9743-F3EAEB774E6A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 1m0bc38s.default
FF ProfilePath: C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\1m0bc38s.default [2019-07-15]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\1m0bc38s.default\Extensions\sp@avast.com.xpi [2019-02-14]
FF Extension: (Avast Online Security) - C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\1m0bc38s.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF ProfilePath: C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\ehbpp69y.default-release [2019-09-22]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\ehbpp69y.default-release\Extensions\sp@avast.com.xpi [2019-02-14]
FF Extension: (Avast Online Security) - C:\Users\ADAY\AppData\Roaming\Mozilla\Firefox\Profiles\ehbpp69y.default-release\Extensions\wrc@avast.com.xpi [2018-07-17]
FF HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\ADAY\AppData\Roaming\IDM\idmmzcc7
FF Extension: (IDM integration) - C:\Users\ADAY\AppData\Roaming\IDM\idmmzcc7 [2019-06-11] [Legacy]
FF HKU\S-1-5-21-1157891685-1263528733-739446543-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ADAY\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ADAY\AppData\Roaming\IDM\idmmzcc5 [2019-06-10] [Legacy] [not signed]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1157891685-1263528733-739446543-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ADAY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1157891685-1263528733-739446543-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\ADAY\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-08-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://gnula.nu/
CHR Profile: C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default [2019-09-23]
CHR Extension: (Presentaciones) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-16]
CHR Extension: (Hojas de cálculo) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (1&1 Webmail) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjogbpfcemanialiamhomdbpfddjlok [2019-08-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (AdBlock) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-22]
CHR Extension: (Morpheon Dark) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-09-13]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2019-08-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR Extension: (Mariam Shubbak - Inicio) - C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljbppcfddiibjckhcbbbpiahcgoeejh [2019-08-07]
CHR Profile: C:\Users\ADAY\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-19] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-11] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\76.0.1632.101\elevation_service.exe [976608 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink Corp. -> CyberLink)
R2 clr_optimization_v3.0.40314_64; C:\Windows\microsoft.net\framework\v3.5\mscorsv.exe [20992 2012-12-01] (Microsoft Corporation) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-27] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-01-19] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation -> Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329904 2019-08-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-05-24] (Even Balance, Inc. -> )
S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [3441152 2018-04-12] (Microsoft Corporation) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-11-06] (Qualcomm Atheros) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Software -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted)
====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [856744 2019-09-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [464608 2019-09-23] (AVAST Software s.r.o. -> AVAST Software) S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-09-22] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-09-22] (AVAST Software s.r.o. 
-> AVAST Software) U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [304296 2015-08-22] (Disc Soft Ltd -> Alcohol Soft Development Team) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-10-17] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.) R3 busenum; C:\Windows\System32\drivers\SteelBus64.sys [146944 2014-05-29] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation -> Symantec Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-12] (Intel(R) Software -> Intel Corporation) S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.) S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. 
-> MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation) S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-03-17] (Nvidia Corporation -> Windows (R) Win 7 DDK provider) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [56200 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation) R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2279936 2014-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506584 2015-03-17] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries Corporation) S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries Corporation) R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries Corporation) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2018-05-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2015-03-17] (Synaptics Incorporated -> Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-03-17] (Synaptics Incorporated -> Synaptics Incorporated) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-08-22] (Disc Soft Ltd -> Duplex Secure Ltd.) 
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS -> SteelSeries ApS) S3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-05-12] (SteelSeries ApS -> SteelSeries ApS) S3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33376 2016-05-12] (SteelSeries ApS -> SteelSeries ApS) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-03-01] (AnchorFree Inc -> Anchorfree Inc.) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-09-23] (Adlice -> ) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Windows -> Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] (Micro-Star Int'l Co. Ltd. 
-> ) S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Windows Central Build Account - X -> Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-08-12] (Intel(R) Software -> Intel Corporation) S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-09-23 13:24 - 2019-09-23 13:24 - 000044995 _____ C:\Users\ADAY\Desktop\FRST.txt 2019-09-23 13:23 - 2019-09-22 22:33 - 001616384 _____ (Farbar) C:\Users\ADAY\Desktop\FRST64.exe 2019-09-22 22:45 - 2019-09-23 13:24 - 000000000 ____D C:\FRST 2019-09-22 22:36 - 2019-09-23 00:25 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys 2019-09-22 22:36 - 2019-09-23 00:09 - 000001033 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2019-09-22 22:36 - 2019-09-22 22:36 - 000000000 ____D C:\ProgramData\RogueKiller 2019-09-22 22:36 - 2019-09-22 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2019-09-22 22:36 - 2019-09-22 22:36 - 000000000 ____D C:\Program Files\RogueKiller 2019-09-22 22:33 - 2019-09-22 22:33 - 001616384 _____ (Farbar) C:\Users\ADAY\Downloads\FRST64.exe 2019-09-22 22:29 - 2019-09-22 22:31 - 032956512 _____ (Adlice Software ) C:\Users\ADAY\Downloads\RogueKiller_setup.exe 2019-09-22 17:27 - 2019-09-22 17:28 - 000000000 ____D C:\AdwCleaner 2019-09-22 17:24 - 2019-09-22 17:26 - 007636680 _____ (Malwarebytes) C:\Users\ADAY\Downloads\adwcleaner_7.4.1.exe 2019-09-22 17:08 - 2019-09-22 17:08 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2019-09-22 17:08 - 2019-09-22 17:08 - 000236024 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswStm.sys 2019-09-22 17:08 - 2019-09-22 17:08 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2019-09-22 16:10 - 2019-09-22 16:10 - 000000593 _____ C:\Users\Public\Desktop\Tom Clancy's Ghost Recon Wildlands.lnk 2019-09-22 15:51 - 2019-09-22 22:19 - 000000000 ____D C:\wildhack 2019-09-17 17:20 - 2019-09-17 17:20 - 000013702 _____ C:\Users\ADAY\Downloads\1568682257-Godzilla [1080p][Castellano][wWw.EliteTorrent.IO].torrent 2019-09-16 15:43 - 2019-09-16 15:43 - 000032768 _____ C:\Users\Public\Documents\crash_dump.bin 2019-09-14 15:41 - 2019-09-14 15:41 - 000014420 _____ C:\Users\ADAY\Downloads\1568417099-Hellboy [1080p][Castellano][wWw.EliteTorrent.IO] (1).torrent 2019-09-14 01:06 - 2019-09-14 01:06 - 000014420 _____ C:\Users\ADAY\Downloads\1568417099-Hellboy [1080p][Castellano][wWw.EliteTorrent.IO].torrent 2019-09-13 15:26 - 2019-09-13 15:26 - 000000000 ____D C:\Users\ADAY\AppData\LocalLow\CDProjektRED 2019-09-12 01:39 - 2019-09-12 01:39 - 000000000 ____D C:\Users\ADAY\AppData\Local\ManOfMedan 2019-09-12 00:39 - 2019-09-12 00:39 - 000000000 ____D C:\Users\ADAY\AppData\Local\Remedy 2019-09-11 22:28 - 2019-09-13 15:17 - 000000000 ____D C:\Control 2019-09-09 21:52 - 2019-09-09 21:52 - 000014215 _____ C:\Users\ADAY\Downloads\1568027862-Xmen Fenix Oscura [1080p][Castellano][wWw.EliteTorrent.IO].torrent 2019-09-09 21:52 - 2019-09-09 21:52 - 000014215 _____ C:\Users\ADAY\Downloads\1568027862-Xmen Fenix Oscura [1080p][Castellano][wWw.EliteTorrent.IO] (1).torrent 2019-08-25 15:26 - 2019-08-25 15:26 - 000816637 _____ C:\Users\ADAY\Downloads\Sesiones_Método_Yuen.eml 2019-08-24 21:54 - 2019-09-22 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com] 2019-08-24 21:54 - 2019-08-31 11:24 - 000001305 _____ C:\Users\Public\Desktop\Gwent.lnk 2019-08-24 15:39 - 2019-08-24 21:53 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy 2019-08-24 15:39 - 2019-08-24 15:39 - 000001063 _____ 
C:\Users\Public\Desktop\GOG Galaxy.lnk 2019-08-24 15:39 - 2019-08-24 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2019-08-24 15:19 - 2019-08-24 15:19 - 001156704 _____ (GOG Sp. z o.o.) C:\Users\ADAY\Downloads\GOG_Galaxy_Gwent.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-09-23 13:21 - 2019-04-12 01:20 - 000003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) 2019-09-23 13:21 - 2019-04-12 01:20 - 000003150 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) 2019-09-23 13:21 - 2018-04-11 21:15 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2019-09-23 13:17 - 2014-11-06 01:56 - 000812192 _____ C:\Windows\system32\perfh00A.dat 2019-09-23 13:17 - 2014-11-06 01:56 - 000167450 _____ C:\Windows\system32\perfc00A.dat 2019-09-23 13:17 - 2014-03-18 11:03 - 001833224 _____ C:\Windows\system32\PerfStringBackup.INI 2019-09-23 13:17 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2019-09-23 13:15 - 2015-08-21 22:00 - 000003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5097B4DE-5CFD-4D8B-B84C-D01E24A9648A} 2019-09-23 13:14 - 2015-08-21 21:57 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1157891685-1263528733-739446543-1001 2019-09-23 13:14 - 2015-03-19 22:16 - 000000000 ____D C:\ProgramData\NVIDIA 2019-09-23 13:12 - 2016-04-14 20:13 - 000856744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2019-09-23 13:12 - 2016-04-14 20:13 - 000464608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2019-09-23 13:11 - 2018-07-12 00:03 - 000000000 ____D C:\Users\ADAY\AppData\Local\MEGAsync 2019-09-23 13:09 - 2017-06-30 14:27 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2019-09-23 13:09 - 2015-08-21 21:58 - 000000000 ___RD C:\Users\ADAY\OneDrive 2019-09-23 13:08 - 2013-08-22 
15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-09-23 00:41 - 2015-08-25 21:55 - 000000000 ____D C:\Users\ADAY\AppData\Roaming\DMCache 2019-09-23 00:25 - 2016-05-05 12:46 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2019-09-23 00:20 - 2016-05-05 13:21 - 000007611 _____ C:\Users\ADAY\AppData\Local\Resmon.ResmonCfg 2019-09-22 18:46 - 2016-09-07 18:41 - 000000000 ____D C:\Users\ADAY\AppData\Local\Ubisoft Game Launcher 2019-09-22 17:28 - 2018-03-06 21:53 - 000000000 ____D C:\Users\ADAY\AppData\Roaming\Lavasoft 2019-09-22 17:28 - 2018-03-06 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2019-09-22 17:28 - 2018-03-06 21:53 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2019-09-22 17:28 - 2018-03-06 21:52 - 000000000 ____D C:\ProgramData\Lavasoft 2019-09-22 17:10 - 2018-04-11 21:12 - 000000000 ____D C:\Users\ADAY\AppData\Local\AVAST Software 2019-09-22 17:08 - 2019-01-04 15:25 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2019-09-22 17:08 - 2019-01-04 15:25 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys 2019-09-22 17:08 - 2019-01-04 15:25 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys 2019-09-22 17:08 - 2019-01-04 15:25 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys 2019-09-22 17:08 - 2018-10-19 18:00 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2019-09-22 17:08 - 2018-01-05 08:15 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2019-09-22 17:08 - 2017-11-16 18:49 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2019-09-22 17:08 - 2017-03-10 03:01 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2019-09-22 17:08 - 2016-04-14 20:13 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2019-09-22 17:08 - 2016-04-14 20:13 - 000110320 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswRdr2.sys 2019-09-22 17:08 - 2016-04-14 20:13 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2019-09-22 16:10 - 2019-06-08 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancys Ghost Recon Wildlands 2019-09-22 15:50 - 2015-08-22 01:45 - 000000944 _____ C:\Users\ADAY\Documents\ax_files.xml 2019-09-22 15:44 - 2016-04-14 20:14 - 000002029 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2019-09-22 15:44 - 2013-08-22 14:25 - 000524288 _____ C:\Windows\system32\config\BBI 2019-09-22 15:43 - 2015-08-21 21:50 - 000000000 ____D C:\Users\ADAY 2019-09-22 15:42 - 2019-06-10 13:35 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-09-22 15:42 - 2016-09-07 15:44 - 000000000 ____D C:\Program Files (x86)\Origin 2019-09-22 15:41 - 2019-06-10 13:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-09-22 15:41 - 2019-06-08 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Cthulhu 2019-09-22 15:41 - 2019-06-08 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devil May Cry 5 2019-09-22 15:41 - 2018-05-27 02:13 - 000000000 ____D C:\Program Files\Epic Games 2019-09-22 15:41 - 2018-05-27 02:05 - 000000000 ____D C:\ProgramData\Epic 2019-09-22 15:41 - 2018-05-27 02:05 - 000000000 ____D C:\Program Files (x86)\Epic Games 2019-09-22 15:41 - 2018-05-18 02:46 - 000000000 ____D C:\Users\ADAY\AppData\Roaming\qBittorrent 2019-09-22 15:41 - 2018-03-23 22:01 - 000000000 ____D C:\Users\ADAY\AppData\Local\Spotify 2019-09-22 15:41 - 2018-03-20 22:45 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation 2019-09-22 15:41 - 2016-05-03 21:24 - 000000000 ___RD C:\Users\ADAY\Desktop\Juegos 2019-09-22 15:41 - 2015-12-09 04:10 - 000000000 ____D C:\Users\ADAY\AppData\Roaming\vlc 2019-09-22 15:41 - 2015-08-23 23:57 - 000000000 ____D C:\Users\ADAY\Documents\My Games 2019-09-22 15:41 - 2015-08-21 21:51 - 000000000 
____D C:\Users\ADAY\AppData\Local\NVIDIA 2019-09-22 15:41 - 2015-03-19 23:12 - 000000000 ___HD C:\SuperChargerProfile 2019-09-22 15:41 - 2015-03-19 22:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-09-22 15:41 - 2015-03-19 22:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2019-09-22 15:41 - 2015-03-19 22:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-09-22 15:41 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2019-09-22 15:41 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\registration 2019-09-22 15:41 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\servicing 2019-09-18 19:22 - 2019-06-10 13:35 - 000000000 ____D C:\Users\ADAY\AppData\LocalLow\Mozilla 2019-09-18 16:22 - 2016-01-05 17:24 - 000000000 ____D C:\Users\ADAY\AppData\Local\CrashDumps 2019-09-03 22:49 - 2018-11-25 21:18 - 000000000 ____D C:\Users\ADAY\Documents\Shadow of the Tomb Raider 2019-08-31 14:03 - 2019-08-07 18:38 - 000000000 ____D C:\Users\ADAY\Desktop\MARIAM 2019-08-30 22:15 - 2018-03-23 21:56 - 000000000 ____D C:\Users\ADAY\AppData\Roaming\Spotify 2019-08-30 01:20 - 2018-04-28 12:58 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-08-30 01:20 - 2018-04-28 12:58 - 000002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-08-29 14:35 - 2013-08-22 15:44 - 000346640 _____ C:\Windows\system32\FNTCACHE.DAT 2019-08-25 17:39 - 2015-08-25 21:55 - 000000000 ____D C:\Users\ADAY\Downloads\Compressed 2019-08-25 17:34 - 2015-08-21 23:50 - 000000000 ____D C:\Juegos 2019-08-24 21:54 - 2015-03-19 22:13 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-24 15:20 - 2017-04-28 21:17 - 000000000 ____D C:\ProgramData\GOG.com ==================== Files in the root of some directories ================ 2016-05-05 01:50 - 2016-05-05 01:50 - 000000044 _____ () C:\Users\ADAY\AppData\Roaming\WB.CFG 2016-01-08 02:47 - 2016-01-08 02:47 - 000042496 _____ (NirSoft) C:\Users\ADAY\AppData\Local\nircmd.exe 2016-05-05 
13:21 - 2019-09-23 00:20 - 000007611 _____ () C:\Users\ADAY\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\pas.exe [2017-05-15] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-09-22 03:56

==================== End of FRST.txt ============================