Hello
First of all, I want to thank you for your support in reviewing and updating one of my computers that had been hacked, with particular thanks to Sanmar.
Once again I am bothering you for your support, since my sister's computer was also affected by those unscrupulous people. She noticed something strange when trying to save a file in Word: it asked her whether she wanted to share it online, which it had not asked before. We have never enabled Remote Desktop, since we do not share files or a network between us. However, Fax, Remote Desktop and Sync Center appeared in the Start menu as recent programs.
Checking Task Manager, Remote Desktop processes appear, among others such as the Office network service and svchost.exe,
and checking Remote Desktop, it appears blank, but if I click the network option for the PC to connect to Remote Desktop, it tells me there is already a session.
I am attaching the FRST and Addition reports.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Moyete (administrator) on MOYETE-PC (21-12-2018 16:58:01)
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasafeweb&v=2_0&idate=2018-11-05&ent=ch_675&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-12] (Oracle Corporation)
Toolbar: HKLM - Panda Safe Web - {b60873b9-51aa-4566-b2fc-c16de2ec8bff} - No File
FireFox:
========
FF DefaultProfile: 904qasv3.default
FF ProfilePath: C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default [2018-12-21]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2018-12-13]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default [2018-12-21]
CHR Extension: (Presentaciones) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2018-12-14]
CHR Extension: (Documentos) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-15]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-12-14]
CHR Extension: (YouTube) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-15]
CHR Extension: (Panda Smart Shopping) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-12-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] ()
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [236528 2016-11-22] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-21] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [108880 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [222424 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [132296 2017-11-03] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [147112 2017-11-03] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [83040 2017-09-18] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [128816 2017-11-03] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [84664 2017-11-03] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [140664 2017-11-03] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [329032 2017-11-03] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [226256 2017-11-03] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [127664 2017-11-03] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [275984 2017-11-03] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123416 2017-11-03] (Panda Security, S.L.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1363200 2017-05-15] (NXP Semiconductors Germany GmbH)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [162392 2017-11-08] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131160 2018-01-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [177240 2018-01-30] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2017-11-06] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144856 2017-11-07] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [119136 2017-11-06] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60592 2017-05-22] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-21 16:58 - 2018-12-21 16:58 - 000015707 _____ C:\Users\Moyete\Desktop\FRST.txt
2018-12-21 16:57 - 2018-12-21 16:58 - 000000000 ____D C:\FRST
2018-12-21 16:55 - 2018-12-21 16:55 - 001778176 _____ (Farbar) C:\Users\Moyete\Desktop\FRST.exe
2018-12-21 15:31 - 2018-12-21 15:31 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-21 15:31 - 2017-05-22 04:29 - 000060592 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (4).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (3).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (2).IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS.IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (1).IFO
2018-12-21 09:56 - 2018-12-21 09:56 - 000008192 _____ C:\Users\Moyete\Downloads\VIDEO_TS.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000159744 _____ C:\Users\Moyete\Downloads\VTS_01_0.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000045056 _____ C:\Users\Moyete\Downloads\VTS_01_0.IFO
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
2018-12-12 21:28 - 2018-12-13 01:42 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-12-12 21:22 - 2018-12-12 22:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-12 20:51 - 2018-12-12 20:51 - 002378800 _____ (Kaspersky Lab) C:\Users\Moyete\Downloads\kfa18.0.0.405abes_13158.exe
2018-12-12 18:25 - 2018-12-12 18:25 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-12-12 18:18 - 2018-12-12 18:18 - 000000000 ____D C:\Program Files\Common Files\Java
2018-12-11 15:48 - 2018-12-11 15:49 - 000413977 _____ C:\Users\Moyete\Downloads\statement_807716624.pdf
2018-12-03 09:19 - 2018-12-03 09:19 - 000313992 _____ C:\Users\Moyete\Downloads\565820400418 (10).pdf
2018-11-23 10:30 - 2018-11-23 10:30 - 000038063 _____ C:\Users\Moyete\Downloads\SAT_20181123113051.pdf
2018-11-23 10:24 - 2018-11-23 10:24 - 000042572 _____ C:\Users\Moyete\Downloads\Acuse.384739458.AcusePdf.pdfraul vazquez oct 2018.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-21 16:57 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-21 16:57 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-21 15:47 - 2017-05-19 15:32 - 000000000 ____D C:\Users\Moyete\Documents\Fax
2018-12-21 15:47 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\ModemLogs
2018-12-21 15:45 - 2017-05-15 13:53 - 000000000 ____D C:\Users\Moyete\AppData\LocalLow\Mozilla
2018-12-21 15:30 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-21 14:44 - 2018-11-05 10:28 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
2018-12-20 11:12 - 2010-11-20 18:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2018-12-20 11:12 - 2010-11-20 18:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2018-12-20 11:12 - 2010-11-20 15:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-20 11:12 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-12-20 11:10 - 2017-05-19 15:34 - 000000000 ____D C:\Users\Moyete\Documents\irmi
2018-12-20 11:05 - 2017-05-15 13:35 - 000000000 ____D C:\Users\Moyete\AppData\Local\Microsoft Help
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-13 10:32 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-13 10:32 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-13 01:41 - 2017-05-15 14:06 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-12 19:27 - 2009-07-13 20:37 - 000000000 __RHD C:\Users\Public\Libraries
2018-12-12 18:26 - 2017-05-15 13:49 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\Program Files\Java
2018-12-12 18:16 - 2017-05-15 13:55 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-12-12 10:03 - 2017-05-15 14:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-11 15:56 - 2018-11-19 10:04 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-11-29 09:38 - 2017-05-15 13:44 - 000000408 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-11-24 10:39 - 2018-03-26 10:37 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-24 10:39 - 2018-03-26 10:37 - 000002330 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-23 10:32 - 2017-05-19 11:10 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\PrimoPDF
Some files in TEMP:
====================
2018-12-12 18:13 - 2018-12-12 18:13 - 001892728 _____ (Oracle Corporation) C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-14 18:13
==================== End of FRST.txt ============================