FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01
Ran by Admin (administrator) on ADMIN-PC (09-03-2019 15:35:18)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & (Available Profiles: Admin & Invitado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309492\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-21] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-21] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1020017746-2564302019-409182911-1000] => 178.128.178.93:8080
ProxyServer: [S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960] => 178.128.178.93:8080
Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3D0CBD89-4285-4391-9FFF-890CF6E392CC}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{912499E2-1079-4136-B3AA-14489ABD953A}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{96A6B9BC-83EF-4E60-B040-5A613903BD79}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B8AE8C2B-CA46-467B-9837-34226B2C5A26}: [NameServer] 208.67.222.222,209.67.220.220
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: ssfk7292.default-1533535281217
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ssfk7292.default-1533535281217 [2019-03-09]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-03-09]
CHR Extension: (Video Scrubber for Instagram) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apondjajmejlodhkaenofcicoiiekghf [2019-02-28]
CHR Extension: (Full Page Screen Capture) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-03-06]
CHR Extension: (WordPress Theme Detector and Plugins Detector) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdflfokckhmchfpokjmpcoblghjngjja [2019-02-28]
CHR Extension: (Image blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhbghdfcdepfhgeklhdhlmdldiiaajp [2019-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Microsoft Windows -> Atheros Communications, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (Bluestack Systems, Inc. -> BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-11-29] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61528 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6180832 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-09] (Malwarebytes Corporation -> Malwarebytes)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2016-09-28] (American Megatrends India Private Limited -> )
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S3 RD9700; C:\Windows\System32\DRIVERS\RD9700.sys [21504 2012-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Corechip Semiconductor, Inc. Co Ltd.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [36040 2015-09-11] (SaferSocial Ltd -> The OpenVPN Project)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-09-12] (FlyVPN INC -> The OpenVPN Project)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-09 15:35 - 2019-03-09 15:40 - 000016553 _____ C:\Users\Admin\Desktop\FRST.txt
2019-03-09 15:25 - 2019-03-09 15:25 - 000000000 ____D C:\FRST
2019-03-09 14:52 - 2019-03-09 14:52 - 000005170 _____ C:\Users\Admin\Desktop\JRT.txt
2019-03-09 13:56 - 2019-03-09 15:32 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-09 13:52 - 2019-03-09 13:53 - 000000000 ____D C:\AdwCleaner
2019-03-09 13:45 - 2019-03-09 13:45 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-09 13:45 - 2019-03-09 13:45 - 000001879 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-09 13:45 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-09 13:41 - 2019-03-09 15:05 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-09 12:11 - 2019-03-09 12:11 - 007316688 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.7.0.exe
2019-03-09 12:01 - 2019-03-09 12:04 - 002434560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-03-09 11:58 - 2019-03-09 11:58 - 001790024 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2019-03-09 11:56 - 2019-03-09 11:58 - 064296368 _____ (Malwarebytes ) C:\Users\Admin\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9594.exe
2019-03-09 11:49 - 2019-03-09 11:57 - 019384632 _____ (Piriform Software Ltd) C:\Users\Admin\Desktop\ccsetup553.exe
2019-03-07 23:04 - 2019-03-07 23:08 - 000002018 _____ C:\Users\Admin\Desktop\Rkill.txt
2019-03-07 14:38 - 2019-03-07 14:39 - 000000424 __RSH C:\ProgramData\ntuser.pol
2019-03-07 14:10 - 2019-03-07 14:14 - 1846108748 _____ C:\Users\Invitado\Desktop\boda misa y deysi.zip
2019-03-07 14:01 - 2019-03-07 14:01 - 000002561 _____ C:\Windows\diagwrn.xml
2019-03-07 14:01 - 2019-03-07 14:01 - 000001908 _____ C:\Windows\diagerr.xml
2019-03-07 12:02 - 2019-03-07 12:02 - 000000000 ____D C:\ProgramData\Mozilla
2019-03-06 20:14 - 2019-03-06 20:14 - 000000000 ____D C:\Users\Invitado\AppData\Local\ESET
2019-03-05 23:36 - 2019-03-05 23:36 - 000000000 ____D C:\Users\Admin\Downloads\Youtube Advanced Masterclass 2019
2019-03-05 14:13 - 2019-03-05 14:13 - 000030496 _____ C:\Users\Admin\Desktop\relojes.mp4.sfk
2019-03-05 00:15 - 2019-03-07 23:35 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2019-03-05 00:15 - 2019-03-05 00:15 - 000001951 _____ C:\Users\Public\Desktop\ESET Protección de pagos y banca online.lnk
2019-03-05 00:15 - 2019-03-05 00:15 - 000001951 _____ C:\ProgramData\Desktop\ESET Protección de pagos y banca online.lnk
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\ProgramData\ESET
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\Program Files\ESET
2019-02-28 22:25 - 2019-02-28 22:25 - 000000000 __SHD C:\found.004
2019-02-27 08:52 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2019-02-27 08:52 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2019-02-27 08:51 - 2019-02-27 08:51 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ C:\Users\Admin\AppData\Local\recently-used.xbel
2019-02-19 09:42 - 2019-03-04 22:33 - 000001324 _____ C:\Users\Public\Desktop\Skype.lnk
2019-02-19 09:42 - 2019-03-04 22:33 - 000001324 _____ C:\ProgramData\Desktop\Skype.lnk
2019-02-19 09:42 - 2019-03-04 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-19 09:42 - 2019-02-19 09:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-09 15:38 - 2009-07-13 22:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-09 15:38 - 2009-07-13 22:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-09 15:34 - 2018-12-26 19:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-03-09 15:30 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-09 13:44 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-03-09 13:41 - 2017-04-08 17:09 - 000000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-09 13:41 - 2017-04-08 17:09 - 000000828 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-03-09 13:41 - 2017-04-08 17:09 - 000000000 ____D C:\Program Files\CCleaner
2019-03-09 13:41 - 2016-11-27 20:51 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-03-08 23:36 - 2016-09-23 23:47 - 000001456 _____ C:\Users\Admin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2019-03-08 19:16 - 2016-09-09 02:30 - 000220416 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-08 11:22 - 2018-10-28 21:16 - 000000000 ____D C:\Users\Admin\AppData\Roaming\inkscape
2019-03-08 11:22 - 2016-10-10 18:11 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-03-07 23:35 - 2016-09-13 16:05 - 000000000 ____D C:\Program Files (x86)\Opera
2019-03-07 21:13 - 2009-07-13 22:45 - 007215296 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-07 18:55 - 2017-04-13 12:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2019-03-07 14:38 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-03-07 12:02 - 2018-08-05 23:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-07 12:02 - 2016-12-23 12:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-07 12:01 - 2018-01-25 13:31 - 000000000 ____D C:\Users\Admin\Desktop\DATA
2019-03-06 13:24 - 2019-01-06 19:14 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 13:24 - 2019-01-06 19:14 - 000002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-06 13:24 - 2019-01-06 19:14 - 000002193 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-03-05 21:51 - 2016-09-10 14:25 - 000007700 _____ C:\Users\Admin\Desktop\newdata2019.txt
2019-03-05 00:20 - 2009-07-14 03:31 - 000751176 _____ C:\Windows\system32\perfh00A.dat
2019-03-05 00:20 - 2009-07-14 03:31 - 000160200 _____ C:\Windows\system32\perfc00A.dat
2019-03-05 00:20 - 2009-07-13 23:13 - 001686082 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-03 16:20 - 2017-10-22 08:08 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2019-03-01 12:34 - 2016-09-13 16:08 - 000003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1473804455
2019-02-27 11:50 - 2018-12-26 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-02-27 11:50 - 2018-12-25 12:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bryxen Software
2019-02-23 23:39 - 2016-09-11 12:26 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-19 10:34 - 2017-04-21 13:14 - 000000000 ____D C:\Users\Admin\AppData\Local\TeamViewer
2019-02-19 08:59 - 2016-09-09 10:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-02-14 19:57 - 2016-09-11 12:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2016-09-29 08:16 - 2016-09-29 08:48 - 000002432 _____ () C:\Users\Admin\AppData\Roaming\droid4xinstaller.log
2019-01-11 16:55 - 2019-03-07 13:13 - 000015372 _____ () C:\Users\Admin\AppData\Roaming\Safer-Networking.log
2016-09-26 22:32 - 2016-09-26 22:49 - 000000006 _____ () C:\Users\Admin\AppData\Roaming\sc_client.pid
2016-09-23 23:47 - 2019-03-08 23:36 - 000001456 _____ () C:\Users\Admin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-09-28 08:24 - 2018-09-28 08:24 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2018-11-23 12:10 - 2018-11-23 12:10 - 000000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-09-10 11:38 - 2016-09-10 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{9B7F615F-4BD1-45D5-A8C8-484928F64C88}
2018-10-29 04:11 - 2018-10-29 04:11 - 000000000 _____ () C:\Users\Admin\AppData\Local\{C1371400-063C-4B69-BB9B-F82A2B7CC96C}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-03-07 00:14
==================== End of FRST.txt ============================