Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.05.2024 01
Ran by patictor (administrator) on PAT (TOSHIBA PORTEGE R30-A) (24-05-2024 11:33:40)
Running from C:\Users\patictor\Desktop\FRST64.exe
Loaded Profiles: patictor
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\Apoint2K\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(C:\Program Files\Apoint2K\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(C:\Program Files\AVAST Software\Avast\AvastUI.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(C:\Program Files\AVAST Software\Avast\AvastUI.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe ->) (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe ->) (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(C:\Program Files\TOSHIBA\TECO\Teco.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(C:\Windows\SysWOW64\irstrtsv.exe ->) (Intel Corporation) [File not signed] C:\Windows\Temp\irstrtsv\scrncap.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
(DTS, Inc. -> DTS, Inc.) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(explorer.exe ->) (Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIN0E.EXE
(explorer.exe ->) (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Softarium.com) [File not signed] C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe
(svchost.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [381784 2013-11-15] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2853968 2014-02-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [287104 2014-04-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-17] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2014-10-16] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [423832 2024-04-10] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] () [File not signed]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [DTS Studio Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1500992 2013-10-05] (DTS, Inc. -> DTS, Inc.)
HKLM-x32\...\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] => C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe [126976 2010-09-19] (Softarium.com) [File not signed]
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [380776 2023-05-08] (EXPRSVPN LLC -> ExpressVPN)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-21-1852484364-2830833799-2211547181-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIN0E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1852484364-2830833799-2211547181-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123171752 2024-04-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1852484364-2830833799-2211547181-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1852484364-2830833799-2211547181-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [763416 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1852484364-2830833799-2211547181-1000\...\MountPoints2: {74975856-b4a2-11e6-ba19-d07e35ba6701} - F:\AutoRun.exe
HKU\S-1-5-21-1852484364-2830833799-2211547181-501\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-21-1852484364-2830833799-2211547181-501\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123171752 2024-04-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\Epson Laser01: C:\Windows\System32\spool\prtprocs\x64\EP0LPP01.DLL [41472 2009-07-14] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Windows x64\Print Processors\ssj1MPC: C:\Windows\System32\spool\prtprocs\x64\ssj1mpc.dll [37376 2012-10-05] (Windows (R) Server 2003 DDK provider) [File not signed]
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\windows\system32\EP0SLM01.DLL [77824 2009-07-14] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L360 Series 64MonitorBE: C:\windows\system32\E_YLMBN0E.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\ssj1M Langmon: C:\windows\system32\ssj1mlm.dll [34304 2011-04-25] () [File not signed]
HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\windows\system32\tbtmon.dll [202752 2013-03-08] (TOSHIBA CORPORATION.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-29] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
Startup: C:\Users\patictor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2015-10-06]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
Startup: C:\Users\patictor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2015-10-13]
ShortcutAndArgument: Windows Explorer.lnk -> C:\windows\explorer.exe => /n/,e,D:\Pat
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {93453ED2-D648-4173-935F-34829C68C622} - System32\Tasks\{2EFC65C6-D0C5-4078-8652-7773249CC202} => c:\program files (x86)\mozilla firefox\firefox.exe [636792 2022-07-25] (Mozilla Corporation -> Mozilla Corporation) -> hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.12.0.101&LastError=12007
Task: {C80EDBC7-98C4-49BF-85B6-7937332D970F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {C2F62A7A-65A6-4EE0-A03F-4E090AA38BE4} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [5188504 2024-04-10] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {49F457A3-AA3D-4C74-9964-0E5031CB9995} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {DF199C2E-84DC-4D9D-BB8B-8BF31A1740D6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-31] (Avast Software s.r.o. -> Avast Software)
Task: {4AFF087C-4F35-4774-BBBD-09E6FE695BBB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9BCE9167-8FCC-402E-BF74-65E8ED910F13} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e10edc45-a4d6-453b-98bf-0e6a489e74f4" --version "6.24.11060" --silent
Task: {59273D6B-F506-4E3C-8BB3-AF53C6B0F6E2} - System32\Tasks\CCleanerSkipUAC - patictor => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9B38AA15-0C29-48C7-9FAE-D818C888CA8E} - System32\Tasks\EPSON L360 Series Update {0ED42B8A-D858-4AEC-A11B-9B8CF0A11884} => C:\Windows\System32\spool\drivers\x64\3\E_YTSN0E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {3C586DBD-BDA9-48FF-9582-AC6893F7C3A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-03] (Google Inc -> Google Inc.)
Task: {02C51267-2697-408D-870D-3951A9C15A79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-03] (Google Inc -> Google Inc.)
Task: {80D5026B-5E7C-4310-8D2C-0FE10EDACFA5} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Regcleaner\Wise Registry Cleaner\WiseRegCleaner.exe [3445192 2015-09-22] (Lespeed Technology Ltd. -> WiseCleaner.com) -> C:\Program Files (x86)\Regcleaner\Wise Registry Cleaner\\$UAC

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\windows\Tasks\EPSON L360 Series Update {0ED42B8A-D858-4AEC-A11B-9B8CF0A11884}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSN0E.EXE:/EXE:{0ED42B8A-D858-4AEC-A11B-9B8CF0A11884} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{06661065-774E-457F-98A2-DFA461897451}: [DhcpNameServer] 192.168.137.129
Tcpip\..\Interfaces\{0C3B1E55-AAA9-4AD4-8E69-4AC932CF593E}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{2B8B2C61-03D8-4021-A72A-DB7AEEEF4477}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\4656E6164716D2C44523: [DhcpNameServer] 118.98.115.77 118.98.115.70
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\4656E6164716D2C4453313: [DhcpNameServer] 118.98.115.77 118.98.115.70
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\5416379724F687D2535303533343: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\5416379724F687D2535303533343: [DhcpDomain] local
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\75164716E6160284F64756C6: [DhcpNameServer] 192.168.88.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\A696E64716E616: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E8F3851-D5CE-4F42-9156-2C6682E2A091}\E494357514E44514259402255435944454E43454: [DhcpNameServer] 172.16.10.1 192.168.100.1 192.168.0.1
Tcpip\..\Interfaces\{3F2B0CDF-154B-4DF6-9A36-D1B6C72441BA}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{44BC57C8-AAC0-45FA-A9E8-C526FA425433}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{5A145E5A-8F6F-4CDA-8A8B-2FB1D381571A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{687C6E6D-AFBD-46B5-A72A-A2476D97E837}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{81190EFE-B696-4B2C-A6A8-8A5C4E8D4AB3}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{B9022AE6-AC78-4D97-9FC9-9BE4845DEE41}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{D38D25B5-F04D-428F-95F9-B51CF7BDBE2D}: [NameServer] 10.0.1.1
Tcpip\..\Interfaces\{D38D25B5-F04D-428F-95F9-B51CF7BDBE2D}: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF DefaultProfile: jbjeu1jb.default
FF ProfilePath: C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default [2024-05-24]
FF DownloadDir: D:\Download
FF Homepage: Mozilla\Firefox\Profiles\jbjeu1jb.default -> hxxps://outlook.live.com/owa/#wa=wsignin1.0
FF NetworkProxy: Mozilla\Firefox\Profiles\jbjeu1jb.default -> backup.ftp", "176.214.77.6:1080"
FF Notifications: Mozilla\Firefox\Profiles\jbjeu1jb.default -> hxxps://www.planetromeo.com; hxxps://www.romeo.com; hxxps://www.rt.com; hxxps://www.instagram.com
FF Extension: (PureVPN: VPN Proxy to Unblock Internet Privately) - C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default\Extensions\enquiry@purevpn.com.xpi [2022-11-17]
FF Extension: (Webmail Ad Blocker) - C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default\Extensions\gmailnoads@mywebber.com.xpi [2022-10-14]
FF Extension: (Simple Translate) - C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default\Extensions\simple-translate@sienori.xpi [2022-09-03]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-08-30]
FF Extension: (Greasemonkey) - C:\Users\patictor\AppData\Roaming\Mozilla\Firefox\Profiles\jbjeu1jb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-20] (Adobe Systems Incorporated -> )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\patictor\AppData\Local\Google\Chrome\User Data\Default [2024-05-24]
CHR DownloadDir: C:\Users\patictor\Desktop
CHR Extension: (Google Docs hors connexion) - C:\Users\patictor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\patictor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [9139608 2024-04-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [766360 2024-04-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1201560 2024-04-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2023-06-13] (Avast Software s.r.o. -> AVAST Software)
S4 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-10-05] (DTS, Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [439656 2023-05-08] (EXPRSVPN LLC -> ExpressVPN)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-23] (Malwarebytes Inc. -> Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [221832 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\windows\System32\DRIVERS\aftap0901.sys [49632 2017-11-21] (Panda Security S.L. -> The OpenVPN Project)
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [20528 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [230448 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [379960 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [292920 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [84536 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [28728 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [268856 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [93752 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [69176 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [935992 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [695864 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [201784 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [306232 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 cfwids; C:\windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R2 config; C:\windows\System32\DRIVERS\ibtfudrv.sys [120528 2014-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2023-05-08] (ExprsVPN LLC -> )
R3 guardian2; C:\windows\System32\Drivers\oz776x64.sys [87696 2013-01-11] (O2Micro -> O2Micro)
R2 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239576 2024-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc. -> McAfee, Inc.)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [27136 2019-03-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tap0901_openvpn_accl; C:\windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-11-19] (FlyVPN INC -> The OpenVPN Project)
S3 tapexpressvpn; C:\windows\System32\DRIVERS\tapexpressvpn.sys [36208 2023-05-08] (ExprsVPN LLC -> The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-24 11:33 - 2024-05-24 11:34 - 000029967 _____ C:\Users\patictor\Desktop\FRST.txt
2024-05-24 11:32 - 2024-05-24 11:34 - 000000000 ____D C:\FRST
2024-05-24 11:31 - 2024-05-24 11:31 - 002395136 _____ (Farbar) C:\Users\patictor\Desktop\FRST64.exe
2024-05-23 16:43 - 2024-05-23 16:43 - 000000000 ____D C:\Users\patictor\AppData\Local\unali-274702
2024-05-23 16:43 - 2024-05-23 16:43 - 000000000 ____D C:\Users\patictor\AppData\Local\unali-274561
2024-05-23 16:17 - 2024-05-23 16:17 - 000000000 ____D C:\Users\patictor\AppData\Local\Rufus
2024-05-23 16:03 - 2024-05-23 16:03 - 000000461 _____ C:\Users\patictor\Desktop\Emergency boot.iso - Shortcut.lnk
2024-05-17 23:18 - 2024-05-17 23:18 - 000000000 ____D C:\Users\patictor\AppData\Local\AdvertisingPopup
2024-05-17 20:15 - 2024-05-17 20:15 - 000004096 ___SH C:\{FC0BAE2E-01DC-4850-BC55-AA55257641F8}.CBM
2024-05-17 19:03 - 2024-05-17 19:03 - 000496640 ___SH C:\EUMONBMP.SYS
2024-05-17 19:03 - 2024-05-17 19:03 - 000000000 ____D C:\windows\system32\config\regsave
2024-05-17 19:00 - 2024-05-23 16:42 - 000000048 _____ C:\windows\SysWOW64\EUTB.TODK
2024-05-17 19:00 - 2024-05-17 19:00 - 000000000 ____D C:\ProgramData\SystemAcCrux
2024-05-17 19:00 - 2024-04-22 01:21 - 000072184 _____ C:\windows\system32\Drivers\EUSSRDVR.sys
2024-05-17 19:00 - 2024-04-22 01:20 - 000574456 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\windows\system32\Drivers\EuFdDisk.sys
2024-05-17 19:00 - 2024-04-22 01:20 - 000081400 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\windows\system32\Drivers\eubakup.sys
2024-05-17 19:00 - 2024-04-22 01:20 - 000060920 _____ C:\windows\system32\Drivers\EUBKMON.sys
2024-05-17 19:00 - 2024-04-22 01:20 - 000029688 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\windows\system32\Drivers\eudskacs.sys
2024-05-17 18:59 - 2024-05-17 18:59 - 000000000 ____D C:\ProgramData\EaseUS
2024-05-17 18:59 - 2024-04-22 01:21 - 000029688 _____ C:\windows\system32\Drivers\euimgprt.sys
2024-04-24 15:09 - 2024-04-24 15:10 - 000251896 _____ C:\windows\ntbtlog.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-24 11:31 - 2016-11-20 04:52 - 000000000 ____D C:\Users\patictor\AppData\LocalLow\Mozilla
2024-05-24 11:30 - 2022-07-26 07:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-24 11:29 - 2022-07-25 21:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-05-24 11:28 - 2022-10-04 12:28 - 000000911 _____ C:\windows\Tasks\EPSON L360 Series Update {0ED42B8A-D858-4AEC-A11B-9B8CF0A11884}.job
2024-05-24 11:28 - 2009-07-14 06:45 - 000027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-05-24 11:28 - 2009-07-14 06:45 - 000027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-05-24 11:26 - 2009-07-14 07:13 - 000781298 _____ C:\windows\system32\PerfStringBackup.INI
2024-05-24 11:26 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2024-05-24 11:23 - 2014-10-16 03:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-24 11:22 - 2017-01-26 23:15 - 000000000 ____D C:\Program Files\CCleaner
2024-05-24 11:21 - 2017-01-26 20:59 - 000000000 ____D C:\ProgramData\AVAST Software
2024-05-24 11:21 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-05-24 11:07 - 2015-10-07 17:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-05-23 16:44 - 2009-07-14 05:20 - 000000000 ____D C:\windows\registration
2024-05-23 16:17 - 2015-01-22 04:20 - 000000532 __RSH C:\ProgramData\ntuser.pol
2024-05-23 16:14 - 2021-06-05 20:51 - 000000000 ____D C:\Users\patictor\AppData\Local\WEB2Print
2024-05-23 12:34 - 2022-09-21 12:34 - 000000666 _____ C:\windows\Tasks\CCleanerCrashReporting.job
2024-05-23 12:14 - 2022-09-21 12:34 - 000003254 _____ C:\windows\system32\Tasks\CCleanerCrashReporting
2024-05-23 12:14 - 2018-09-19 18:39 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2024-05-17 19:05 - 2023-06-13 23:25 - 000000000 ____D C:\Users\patictor\AppData\Local\Avast Software
2024-05-01 12:34 - 2017-12-16 14:52 - 000000000 ____D C:\Users\patictor\AppData\Roaming\Microsoft\Skype for Desktop
2024-04-25 15:48 - 2015-10-03 14:56 - 000000000 ___SD C:\Users\patictor\AppData\Roaming\Microsoft\Credentials
2024-04-24 15:11 - 2024-01-21 08:19 - 000239576 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2024-04-24 15:06 - 2024-01-24 03:53 - 000000000 ____D C:\Users\patictor\AppData\Local\CrashDumps
2024-04-24 14:23 - 2015-11-04 10:27 - 000000000 ____D C:\Users\patictor\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2017-04-06 17:45 - 2024-03-20 07:28 - 000004096 ____H () C:\Users\patictor\AppData\Local\keyfile3.drm
2016-11-13 19:55 - 2016-11-13 19:55 - 000007605 _____ () C:\Users\patictor\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2024-05-17 21:26
==================== End of FRST.txt ========================