Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by CCTV (administrator) on MONITOREO (08-01-2019 10:21:01)
Running from C:\Users\CCTV\Desktop
Loaded Profiles: CCTV & MSSQL$ADUANASOFT & MSSQL$SQLEXPRESS (Available Profiles: CCTV & MSSQL$ADUANASOFT & MSSQL$SQLEXPRESS)
Platform: Windows 8.1 (Update) (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Dropbox, Inc.) C:\windows\System32\DbxSvc.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe
(© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Aspel de México, S.A. de C.V.) C:\Program Files (x86)\VPNAspel\VPNServicio.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\windows\System32\SrTasks.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Microsoft Corporation) C:\windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456808 2018-08-16] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [Ivms4200-PCNVR] => C:\Program Files\iVMS-4200 Station\iVMS-4200 PCNVR\iVMS-4200 PCNVR.exe [12405152 2013-04-08] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4049216 2018-12-12] (Dropbox, Inc.)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Epson Stylus Pro 4900] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIG1E.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Spotify] => C:\Users\CCTV\AppData\Roaming\Spotify\Spotify.exe [25972968 2018-12-18] (Spotify Ltd)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-05] (Softex Inc..)
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-05] (Softex Inc..)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-10-19]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3A43296F-398F-484C-8CAB-97D3239C97B1}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
URLSearchHook: [S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3402127397-1666700131-1220667733-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888 -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-13] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-13] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-23] (Hewlett-Packard)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-31] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-23] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-31] (AO Kaspersky Lab)
FireFox:
========
FF DefaultProfile: jlpm3qqu.default-1531942714021
FF ProfilePath: C:\Users\CCTV\AppData\Roaming\Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021 [2019-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021 -> is enabled.
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-07-05] (pdfforge GmbH)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-02] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Presentaciones) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Kaspersky Protection) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-01-02]
CHR Extension: (Documentos) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-29]
CHR Extension: (YouTube) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-29]
CHR Extension: (Hojas de cálculo) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: "hxxps://onedrive.live.com/edit.aspx?cid=4c4853d017460cc7&page=view&resid=4C4853D017460CC7!2698&parId=4C4853D017460CC7!107&app=Excel", "hxxp://www.dof.gob.mx/indicadores.php"
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1816776 2017-10-19] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-31] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2018-12-12] (Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10072880 2018-12-31] (EnigmaSoft Limited)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [328296 2018-08-16] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2018-12-31] (AO Kaspersky Lab)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2017-07-04] () [File not signed]
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MSSQL$ADUANASOFT; C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-12-31] (EnigmaSoft Limited)
S2 SQLAgent$ADUANASOFT; C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)
R2 VPNServicio; C:\Program Files (x86)\VPNAspel\VPNServicio.exe [1252880 2016-03-15] (Aspel de México, S.A. de C.V.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 edrsensor; C:\windows\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 EnigmaFileMonDriver; C:\windows\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-01-08] (EnigmaSoft Limited)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-12] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-12] (AO Kaspersky Lab)
R1 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [89168 2018-12-12] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [219744 2018-12-31] (AO Kaspersky Lab)
R1 KLHK; C:\windows\System32\drivers\klhk.sys [1214752 2018-12-31] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1113696 2018-12-31] (AO Kaspersky Lab)
R1 klim6; C:\windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-12] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
S4 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\windows\system32\DRIVERS\klwtp.sys [176976 2018-12-12] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-08] (Malwarebytes)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
R2 NPF; C:\windows\SysWOW64\drivers\npf64.sys [36600 2014-10-13] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
S4 RsFx0300; C:\windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U5 TMUSB; C:\windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-24] (Seiko Epson Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U1 avgbdisk; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-08 10:21 - 2019-01-08 10:22 - 000028908 _____ C:\Users\CCTV\Desktop\FRST.txt
2019-01-08 10:20 - 2019-01-08 10:21 - 000000000 ____D C:\FRST
2019-01-08 10:19 - 2019-01-08 10:19 - 000002293 _____ C:\Users\CCTV\Desktop\JRT.txt
2019-01-08 10:16 - 2019-01-08 10:16 - 000004106 _____ C:\Users\CCTV\Desktop\AdwCleaner[C00].txt
2019-01-08 10:09 - 2019-01-08 10:11 - 000000000 ____D C:\AdwCleaner
2019-01-08 09:41 - 2019-01-08 09:41 - 002424832 _____ (Farbar) C:\Users\CCTV\Desktop\FRST64.exe
2019-01-08 09:38 - 2019-01-08 09:38 - 001790024 _____ (Malwarebytes) C:\Users\CCTV\Desktop\JRT.exe
2019-01-08 09:37 - 2019-01-08 09:37 - 007320272 _____ (Malwarebytes) C:\Users\CCTV\Desktop\adwcleaner_7.2.6.0.exe
2019-01-08 08:54 - 2019-01-08 08:54 - 000041129 _____ C:\Users\CCTV\Desktop\Copy of F-PRDN-001 Bitacora de clasificacion (2).pdf
2019-01-07 17:34 - 2019-01-07 17:34 - 000205560 ____T C:\Users\CCTV\Desktop\IMG_3339-07-01-19-05-36.jpeg
2019-01-07 17:25 - 2019-01-07 17:26 - 009096372 _____ C:\Users\CCTV\Downloads\Protocolizacion de Acta IEM 2017-compressed.pdf
2019-01-07 10:17 - 2019-01-07 10:17 - 000001638 _____ C:\Users\CCTV\Downloads\gads590724tb9.cer.id-ACC234ED.[[email protected]].adobe
2019-01-07 08:07 - 2019-01-07 08:09 - 000002794 _____ C:\RakhniDecryptor.1.21.26.1_07.01.2019_08.07.52_log.txt
2019-01-07 08:06 - 2019-01-07 08:07 - 000002658 _____ C:\RakhniDecryptor.1.21.26.1_07.01.2019_08.06.42_log.txt
2019-01-05 12:48 - 2019-01-05 12:48 - 000011521 _____ C:\Users\CCTV\Documents\calendario respaldos 2019.xlsx
2019-01-05 12:44 - 2019-01-05 12:45 - 000000793 _____ C:\Users\CCTV\Desktop\scaii.ini.lnk
2019-01-05 12:32 - 2019-01-05 12:33 - 000001216 _____ C:\Users\CCTV\Desktop\Anexo31.exe.lnk
2019-01-05 12:30 - 2019-01-05 12:31 - 000001227 _____ C:\Users\CCTV\Desktop\ScaiiSQL.exe.lnk
2019-01-05 12:29 - 2019-01-05 12:29 - 000000000 ____D C:\Aduanasoft
2019-01-04 17:53 - 2019-01-04 17:53 - 000000000 ____D C:\Program Files (x86)\Aduanasoft
2019-01-04 17:21 - 2019-01-04 17:21 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\www.shadowexplorer.com
2019-01-04 15:43 - 2019-01-04 17:56 - 004830582 _____ C:\Users\CCTV\Desktop\Copia_de_seguridad_de_joel perez nva.cdr
2019-01-04 15:43 - 2018-11-20 20:47 - 004830988 _____ C:\Users\CCTV\Desktop\Copia_de_seguridad_de_Copia_de_seguridad_de_joel perez nva.cdr
2019-01-04 03:09 - 2019-01-08 10:14 - 000261032 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-01-03 17:18 - 2019-01-03 17:18 - 000614980 _____ C:\Users\CCTV\Desktop\CBP Form 434 2019.pdf
2019-01-03 09:44 - 2019-01-03 09:44 - 000454669 _____ C:\Users\CCTV\Desktop\piasa pedido aceite 2019.pdf
2019-01-03 09:43 - 2019-01-03 09:43 - 000472311 _____ C:\Users\CCTV\Desktop\piasa pedido aceite 2019.cdr
2019-01-02 15:32 - 2019-01-02 15:33 - 000000000 _RSHD C:\ProgramData\Key-Base
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery Professional
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\ProgramData\{B88A1C51-1A9E-B0ED-662C-6E173CC866DE}
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\Program Files (x86)\Stellar Data Recovery Professional
2019-01-02 15:30 - 2019-01-02 15:30 - 015370584 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\CCTV\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
2019-01-02 15:25 - 2019-01-02 15:25 - 000002680 _____ C:\RakhniDecryptor.1.21.26.1_02.01.2019_15.25.00_log.txt
2019-01-02 14:53 - 2019-01-02 14:54 - 000003498 _____ C:\RakhniDecryptor.1.21.26.1_02.01.2019_14.53.12_log.txt
2019-01-02 14:52 - 2019-01-02 15:24 - 000000000 ____D C:\Users\CCTV\Downloads\RakhniDecryptor
2019-01-02 14:50 - 2019-01-02 14:51 - 005341830 _____ C:\Users\CCTV\Downloads\RakhniDecryptor.zip
2019-01-02 12:17 - 2019-01-02 12:17 - 000241547 _____ C:\Users\CCTV\Desktop\OP ENERO.pdf
2019-01-02 10:23 - 2019-01-02 10:23 - 000086878 _____ C:\Users\CCTV\Downloads\4413354193.zip
2018-12-31 15:42 - 2018-12-31 15:42 - 000000000 ____D C:\Users\CCTV\Documents\PDF Architect
2018-12-31 13:27 - 2018-12-31 13:27 - 000003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-12-31 13:27 - 2018-12-31 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-12-31 13:27 - 2018-12-31 13:27 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-31 13:26 - 2018-12-31 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-12-31 13:26 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2018-12-31 13:25 - 2019-01-08 10:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-31 13:25 - 2018-12-31 13:27 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-12-31 13:25 - 2018-12-31 13:25 - 001214752 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 001113696 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 000219744 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 000152960 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll
2018-12-31 13:20 - 2018-12-31 13:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-31 13:19 - 2018-12-31 13:19 - 000025886 _____ C:\ProgramData\agent.uninstall.1546287575.bdinstall.bin
2018-12-31 13:17 - 2018-12-31 13:17 - 000034597 _____ C:\ProgramData\agent.update.1546287412.bdinstall.bin
2018-12-31 12:54 - 2018-12-31 12:54 - 000000000 ____D C:\ProgramData\Bitdefender
2018-12-31 12:54 - 2018-10-09 14:07 - 000294000 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\edrsensor.sys
2018-12-31 12:53 - 2018-10-04 22:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\Gemma.sys
2018-12-31 12:53 - 2018-08-22 11:43 - 000357768 _____ (Bitdefender) C:\windows\system32\Drivers\bddci.sys
2018-12-31 12:53 - 2018-06-05 03:32 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\atc.sys
2018-12-31 12:50 - 2018-12-31 12:50 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\QuickScan
2018-12-31 12:28 - 2018-12-31 12:28 - 000104148 _____ C:\ProgramData\agent.1546284511.bdinstall.v2.bin
2018-12-31 12:28 - 2018-12-31 12:28 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-12-31 11:33 - 2019-01-08 10:14 - 000069432 _____ (EnigmaSoft Limited) C:\windows\system32\Drivers\EnigmaFileMonDriver.sys
2018-12-31 11:33 - 2019-01-02 15:24 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-12-31 11:33 - 2018-12-31 11:33 - 000000000 ____D C:\sh5ldr
2018-12-31 11:33 - 2018-12-31 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-12-31 11:32 - 2018-12-31 11:32 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-12-31 09:58 - 2018-12-31 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Dropbox
2018-12-31 09:55 - 2019-01-08 10:14 - 000000962 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-12-31 09:55 - 2019-01-08 10:00 - 000000966 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-12-31 09:55 - 2018-12-31 09:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-12-31 09:55 - 2018-12-31 09:55 - 000003938 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-12-31 09:55 - 2018-12-31 09:55 - 000003702 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-12-31 09:55 - 2018-12-31 09:55 - 000000000 ____D C:\ProgramData\Dropbox
2018-12-31 08:31 - 2018-12-31 09:08 - 000000000 ____D C:\Users\CCTV\Downloads\Vector-2019-Calendar-Design
2018-12-31 08:30 - 2018-12-31 08:30 - 002144500 _____ C:\Users\CCTV\Downloads\Vector-2019-Calendar-Design.zip
2018-12-28 15:36 - 2019-01-04 03:08 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-12-28 15:36 - 2018-12-28 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-28 15:36 - 2018-12-28 15:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\mbamtray
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\mbam
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-28 13:08 - 2018-12-31 13:20 - 000000000 ____D C:\Program Files (x86)\AVG
2018-12-28 13:04 - 2018-12-31 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\Avg
2018-12-28 13:03 - 2018-12-28 13:03 - 000000000 ____D C:\windows\System32\Tasks\AVG
2018-12-28 13:01 - 2018-12-28 13:01 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-12-28 12:59 - 2018-12-31 13:20 - 000000000 ____D C:\ProgramData\AVG
2018-12-28 11:55 - 2018-12-28 11:55 - 000074384 _____ C:\Users\CCTV\Documents\ventas
2018-12-27 10:39 - 2019-01-08 09:47 - 000000000 ____D C:\Users\CCTV\87315462BUxsrtdQavkH
2018-12-27 10:39 - 2018-12-27 10:39 - 000003350 _____ C:\windows\System32\Tasks\BtxlqHcPWiu
2018-12-27 10:36 - 2018-12-27 10:39 - 000000000 ____D C:\Users\CCTV\86172zIsJoFWlc
2018-12-27 10:35 - 2018-12-27 10:36 - 014675346 _____ C:\Users\CCTV\Downloads\AntiRansom (1).zip
2018-12-26 16:45 - 2017-08-31 11:43 - 000070480 _____ C:\windows\system32\Drivers\gpt_loader.sys
2018-12-26 16:45 - 2017-08-31 11:43 - 000057488 _____ (Paragon Software Group) C:\windows\system32\Drivers\mounthlp.sys
2018-12-26 16:45 - 2017-08-31 11:43 - 000037200 _____ (Paragon Software Group) C:\windows\system32\Drivers\csvol.sys
2018-12-26 10:58 - 2018-12-26 10:58 - 028896382 _____ C:\Users\CCTV\Downloads\Spyware.Doctor.v6.1.0.448.Multilenguaje.Incl.Serial.rar
2018-12-21 16:23 - 2018-12-22 12:41 - 000028920 _____ C:\Users\CCTV\Downloads\calendario-2019-una-pagina (1).xlsx
2018-12-21 16:22 - 2018-12-21 16:22 - 000023403 _____ C:\Users\CCTV\Downloads\calendario-2019-una-pagina.xlsx
2018-12-21 15:58 - 2018-12-21 15:58 - 000054484 _____ C:\Users\CCTV\Downloads\Joost-Bold.ttf
2018-12-21 15:58 - 2018-12-21 15:58 - 000049584 _____ C:\Users\CCTV\Downloads\Joost-Medium.otf
2018-12-21 15:58 - 2018-12-21 15:58 - 000048420 _____ C:\Users\CCTV\Downloads\Joost-Bold.otf
2018-12-21 15:54 - 2018-12-21 15:54 - 000000000 ____D C:\Users\CCTV\Downloads\bold_testament
2018-12-21 15:53 - 2018-12-21 15:53 - 000007828 _____ C:\Users\CCTV\Downloads\bold_testament.zip
2018-12-20 13:53 - 2019-01-08 10:05 - 000000000 ____D C:\Users\CCTV\51397QwqgmfoZdFyz
2018-12-20 13:53 - 2018-12-20 13:53 - 000003370 _____ C:\windows\System32\Tasks\mKyRYNBvEgnzCsLoh
2018-12-20 13:48 - 2018-12-20 13:53 - 000000000 ____D C:\Users\CCTV\942810657wfFGQPVSkrs
2018-12-20 13:45 - 2019-01-08 10:04 - 000000000 ____D C:\Users\CCTV\098751zMxKHBngusLdFqTcPO
2018-12-20 13:45 - 2018-12-20 13:45 - 000003362 _____ C:\windows\System32\Tasks\QwVITnEy
2018-12-20 13:41 - 2018-12-20 13:45 - 000000000 ____D C:\Users\CCTV\78509YhNcZgmKdQCJO
2018-12-20 13:41 - 2018-12-20 13:41 - 000000000 ____D C:\Users\CCTV\Downloads\AntiRansom
2018-12-20 13:40 - 2018-12-20 13:40 - 014675346 _____ C:\Users\CCTV\Downloads\AntiRansom.zip
2018-12-18 11:07 - 2018-12-18 11:07 - 000036776 _____ C:\Users\CCTV\Downloads\7915370-18122018-1208-201811-222-2015.zip
2018-12-18 10:31 - 2018-12-18 10:31 - 000052544 _____ C:\Users\CCTV\Downloads\emim_cuest_7915370_201810.zip
2018-12-17 09:14 - 2018-12-17 09:14 - 007312411 _____ C:\Users\CCTV\Downloads\TRW.rar
2018-12-17 09:13 - 2018-12-17 09:13 - 001143497 _____ C:\Users\CCTV\Downloads\140810.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 001097206 _____ C:\Users\CCTV\Downloads\140724.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 001004995 _____ C:\Users\CCTV\Downloads\140962.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000741460 _____ C:\Users\CCTV\Downloads\140918.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000607929 _____ C:\Users\CCTV\Downloads\141159.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000520241 _____ C:\Users\CCTV\Downloads\140354.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000467877 _____ C:\Users\CCTV\Downloads\141212.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000267945 _____ C:\Users\CCTV\Downloads\141073.pdf
2018-12-17 09:11 - 2018-12-17 09:11 - 000534387 _____ C:\Users\CCTV\Downloads\139893.pdf
2018-12-17 09:04 - 2018-12-17 09:04 - 000928543 _____ C:\Users\CCTV\Downloads\140039.pdf
2018-12-17 09:02 - 2018-12-17 09:02 - 000742824 _____ C:\Users\CCTV\Downloads\139788.pdf
2018-12-13 16:27 - 2018-12-21 17:40 - 000037437 _____ C:\Users\CCTV\Desktop\Copia de INFORMACION FACTURAS MARLENE.xlsx
2018-12-12 22:12 - 2018-12-12 22:12 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-12-12 16:24 - 2018-12-12 16:24 - 000618075 _____ C:\Users\CCTV\Documents\LICENCIA.pdf
2018-12-12 01:43 - 2018-12-12 01:43 - 000176976 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwtp.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000123152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klbackupflt.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000089168 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000073416 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klbackupdisk.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000045768 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klpnpflt.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-08 10:22 - 2018-09-06 07:07 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2019-01-08 10:20 - 2017-07-06 12:46 - 000965310 _____ C:\windows\system32\perfh00A.dat
2019-01-08 10:20 - 2017-07-06 12:46 - 000247310 _____ C:\windows\system32\perfc00A.dat
2019-01-08 10:20 - 2013-08-24 14:38 - 002376760 _____ C:\windows\system32\PerfStringBackup.INI
2019-01-08 10:20 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2019-01-08 10:19 - 2014-01-22 17:17 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3402127397-1666700131-1220667733-1001
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Lavasoft
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\ProgramData\Lavasoft
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-01-08 10:16 - 2017-07-10 08:18 - 000000000 ___RD C:\Users\CCTV\Dropbox
2019-01-08 10:13 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-01-08 10:11 - 2017-07-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-01-08 10:11 - 2016-07-07 11:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-08 09:53 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-01-08 09:52 - 2014-01-22 17:11 - 000000000 ____D C:\Users\CCTV
2019-01-08 09:43 - 2014-02-11 05:01 - 000000000 ____D C:\windows\Minidump
2019-01-08 09:42 - 2018-08-09 07:43 - 000000000 ____D C:\Users\CCTV\AppData\Local\Spotify
2019-01-08 09:41 - 2017-07-07 06:57 - 000000000 ____D C:\Users\CCTV\Documents\Archivos de outlook
2019-01-08 09:13 - 2018-08-09 07:42 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Spotify
2019-01-08 08:14 - 2018-01-29 14:44 - 000000000 ____D C:\Users\CCTV\AppData\LocalLow\Mozilla
2019-01-08 07:42 - 2014-01-28 11:58 - 000003782 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DCDAAB11-70C3-411B-B9A3-E68C0B4EF32E}
2019-01-07 17:57 - 2017-07-07 08:23 - 000000000 ____D C:\Users\CCTV\Desktop\CITLALI
2019-01-07 13:52 - 2018-04-14 09:14 - 000003160 _____ C:\windows\System32\Tasks\HPCeeScheduleForCCTV
2019-01-07 13:52 - 2018-04-14 09:14 - 000000348 _____ C:\windows\Tasks\HPCeeScheduleForCCTV.job
2019-01-07 08:02 - 2018-09-13 08:23 - 000000000 ___RD C:\Users\CCTV\Desktop\SALVAVIDAS
2019-01-07 07:51 - 2018-07-17 09:45 - 000000000 ____D C:\Users\CCTV\AppData\Local\CrashDumps
2019-01-05 09:18 - 2018-01-22 11:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 17:22 - 2017-07-06 08:34 - 000000000 ____D C:\Users\CCTV\Desktop\Aduanasoft
2019-01-04 10:09 - 2018-08-28 08:22 - 000000000 ____D C:\Users\CCTV\Desktop\CP EMPAQUES
2019-01-03 17:57 - 2018-02-27 08:42 - 000000000 ___RD C:\Users\CCTV\Desktop\BONOS
2019-01-03 17:47 - 2017-07-10 09:24 - 003125638 _____ C:\Users\CCTV\Desktop\Caratulas paqueteria.cdr
2019-01-03 17:02 - 2017-07-07 09:45 - 000000000 ____D C:\Users\CCTV\Desktop\IMMEX
2019-01-03 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\Users\CCTV\Desktop\Honeywell
2019-01-02 12:01 - 2017-07-07 11:17 - 000000000 ____D C:\Users\CCTV\Desktop\IEM
2019-01-02 11:54 - 2018-01-29 10:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-31 13:26 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-12-31 13:25 - 2013-08-22 08:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-12-31 12:43 - 2018-06-13 09:39 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-12-31 10:14 - 2017-07-10 08:15 - 000000000 ____D C:\Users\CCTV\AppData\Local\Dropbox
2018-12-31 09:58 - 2018-10-11 12:03 - 000000000 ____D C:\Users\CCTV\Desktop\PECAS
2018-12-31 08:08 - 2018-03-26 07:44 - 000000000 ____D C:\Users\CCTV\AppData\Local\AVAST Software
2018-12-28 17:46 - 2014-01-22 17:11 - 000000000 ____D C:\Users\CCTV\AppData\Local\Packages
2018-12-28 17:46 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-28 17:46 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
2018-12-28 17:30 - 2017-07-19 12:25 - 000000000 ____D C:\Program Files\Opera
2018-12-28 15:28 - 2017-08-31 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-28 13:48 - 2017-04-27 11:50 - 000000000 ____D C:\Util
2018-12-28 12:07 - 2017-07-07 08:41 - 000000000 ____D C:\Users\CCTV\Desktop\Clientes
2018-12-27 13:13 - 2018-11-03 12:33 - 000000000 ____D C:\ProgramData\VPNAspel
2018-12-27 13:13 - 2018-01-29 10:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-27 13:13 - 2017-08-04 10:00 - 000000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2018-12-27 13:13 - 2017-07-04 15:51 - 000000000 ____D C:\ProgramData\Protexis
2018-12-27 13:13 - 2017-07-01 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-27 13:13 - 2014-12-04 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-12-27 13:13 - 2013-12-06 03:19 - 000000000 ____D C:\Program Files (x86)\HPConnectedMusic
2018-12-27 13:13 - 2013-12-06 03:16 - 000000000 ____D C:\Program Files\IDT
2018-12-27 13:12 - 2018-11-13 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-12-27 13:12 - 2018-11-13 09:34 - 000000000 ____D C:\Program Files\iPod
2018-12-27 13:12 - 2018-11-13 09:33 - 000000000 ____D C:\Program Files\iTunes
2018-12-27 13:12 - 2018-07-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-27 13:12 - 2018-04-26 06:55 - 000000000 ___RD C:\Users\CCTV\iCloudDrive
2018-12-27 13:12 - 2018-01-29 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-27 13:12 - 2017-07-19 14:25 - 000000000 ____D C:\Program Files\CCleaner
2018-12-27 13:12 - 2017-07-04 15:03 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-27 13:12 - 2017-07-04 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-27 13:12 - 2017-07-01 10:54 - 000000000 ____D C:\Program Files\WinRAR
2018-12-27 13:12 - 2014-12-16 15:55 - 000000000 ____D C:\windows\system32\appraiser
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 __RSD C:\windows\Media
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 ____D C:\windows\PolicyDefinitions
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 ____D C:\windows\ADFS
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ___RD C:\windows\ToastData
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Macromed
2018-12-27 13:11 - 2013-08-22 06:36 - 000000000 ____D C:\windows\system32\Sysprep
2018-12-27 13:03 - 2013-08-22 08:36 - 000000000 ____D C:\windows\registration
2018-12-27 11:38 - 2017-06-29 16:29 - 000000000 ____D C:\Users\CCTV\AppData\Local\Deployment
2018-12-27 11:36 - 2013-12-06 03:18 - 000000000 ____D C:\ProgramData\Temp
2018-12-26 17:45 - 2018-04-11 07:40 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Apple Computer
2018-12-26 17:45 - 2018-04-11 07:30 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-12-26 16:46 - 2014-02-24 18:07 - 000211322 ____H C:\Users\CCTV\AppData\Local\IconCache.db.backup
2018-12-26 13:41 - 2017-07-19 12:25 - 000003840 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1500492328
2018-12-26 13:41 - 2017-07-19 12:25 - 000001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2018-12-26 11:25 - 2016-07-07 11:59 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\TeamViewer
2018-12-21 21:27 - 2013-08-22 07:44 - 005277264 _____ C:\windows\system32\FNTCACHE.DAT
2018-12-20 08:13 - 2013-08-22 08:20 - 000000000 ____D C:\windows\CbsTemp
2018-12-19 07:55 - 2017-06-29 16:29 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 07:55 - 2017-06-29 16:29 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-17 17:56 - 2017-06-29 16:30 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 15:11 - 2018-10-05 11:02 - 000000000 ____D C:\Users\CCTV\Desktop\DANHIL
2018-12-15 12:31 - 2018-01-29 10:21 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
==================== Files in the root of some directories =======
2017-09-02 11:07 - 2017-09-02 11:07 - 000000132 _____ () C:\Users\CCTV\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-09-27 07:02 - 2018-09-27 07:02 - 000000000 _____ () C:\Users\CCTV\AppData\Local\oobelibMkey.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-18 21:44
==================== End of FRST.txt ============================