Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.03.2019
Ran by Esteban Cárdenas (administrator) on LAPTOP-9VHJ613J (01-03-2019 17:07:01)
Running from C:\Users\Esteban Cárdenas\Desktop\Nueva carpeta
Loaded Profiles: Esteban Cárdenas (Available Profiles: Esteban Cárdenas)
Platform: Windows 10 Home Single Language Version 1709 16299.431 (X64) Language: Español (México)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
(Nitro Software, Inc. -> Nalpeiron Ltd.)
C:\Windows\SysWOW64\NLSSRV32.EXE (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Luminati Networks -> Luminati Networks Ltd.) C:\Program Files (x86)\EagleGet\net_updater32.exe (Luminati Networks -> Luminati Networks Ltd.) 
C:\Program Files (x86)\EagleGet\Luminati\net_svc.exe (MICROLEAVES LTD -> Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Dropbox, Inc -> The Qt Company Ltd.) 
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera_crashreporter.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program 
Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Beijing Pu Technology Limited -> EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe (VS Revo Group Ltd. -> VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (Opera Software AS -> Opera Software) C:\Program Files\Opera\58.0.3135.79\opera.exe (MICROLEAVES LTD -> Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-19] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-05-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629992 2016-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.) HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [268896 2016-04-14] (Hewlett-Packard Company -> HP) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4190016 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.) 
HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {332490d8-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {33249fef-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {44885646-c20b-11e8-b943-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {d157db3d-a215-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKLM\...\Providers\0pz2kw65: C:\Program Files (x86)\Showeckshefik Manager\local64spl.dll <==== ATTENTION HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-03-01] (Google LLC -> Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-01-31] ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [File not signed] BootExecute: autocheck autochk * GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 127.0.0.1 clients2.google.com Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 190.157.8.1 Tcpip\..\Interfaces\{1786339f-d71c-448f-9a92-9565bb62d23f}: [DhcpNameServer] 190.157.8.33 190.157.8.1 Tcpip\..\Interfaces\{726d753f-cbd0-4be9-9152-47b3304cc512}: [DhcpNameServer] 190.157.8.33 190.157.8.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764191888&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764227764&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-425742559-3532017336-187542989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764218620&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\S-1-5-21-425742559-3532017336-187542989-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_eaggtfs_17_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dco%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0E0BtD0D0AtAyDtA0A0DyB0EtAtC0BtN0D0Tzu0StCzzzzyEtN1L2XzutAtFtByBtFtCtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StCyEtC0Czz0B0F0AtGtDyByEtCtGyDyDyEyBtGyEtCzyzztG0E0F0B0DtCtCzz0A0AyC0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByD0B0EtAtDtC0EtGtAtDzyyCtGyE0DyDyCtG0BtD0CyBtGtByC0EyDtDyE0DyDtD0EtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtCtCzz%26cr%3D1372521893%26a%3Dwbf_eaggtfs_17_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM-x32 -> 
{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_eaggtfs_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dco%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0C0E0BtD0D0AtAyDtA0A0DyB0EtAtC0BtN0D0Tzu0StCzyyEyDtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDzy0EtCtC0CyD0BtGtD0AtCtCtG0EzytD0EtGtAtA0F0EtGzytA0EzztB0BzztD0CyDzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByD0B0EtAtDtC0EtGtAtDzyyCtGyE0DyDyCtG0BtD0CyBtGtByC0EyDtDyE0DyDtD0EtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtBzz%26cr%3D1953828174%26a%3Dwbf_eaggtfs_17_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_eaggtfs_17_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dco%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0E0BtD0D0AtAyDtA0A0DyB0EtAtC0BtN0D0Tzu0StCzzzzyEtN1L2XzutAtFtByBtFtCtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StCyEtC0Czz0B0F0AtGtDyByEtCtGyDyDyEyBtGyEtCzyzztG0E0F0B0DtCtCzz0A0AyC0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByD0B0EtAtDtC0EtGtAtDzyyCtGyE0DyDyCtG0BtD0CyBtGtByC0EyDtDyE0DyDtD0EtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtCtCzz%26cr%3D1372521893%26a%3Dwbf_eaggtfs_17_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKU\S-1-5-21-425742559-3532017336-187542989-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-425742559-3532017336-187542989-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: EGet Class -> 
{1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2018-12-27] (Beijing Pu Technology Limited -> EagleGet.com) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [eagleget_ffext@eagleget.com] - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi FF Extension: (EagleGet Free Downloader) - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi [2018-06-21] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2016-12-08] (Nitro Software, Inc. 
-> Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.) FF Plugin HKU\S-1-5-21-425742559-3532017336-187542989-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2018-02-05] (Beijing Jiupu Technology Co., Ltd. -> EagleGet) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR HomePage: ChromeDefaultData -> hxxp://www.google.com.co/ CHR Profile: C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2019-03-01] <==== ATTENTION CHR Extension: (Documentos de Google sin conexión) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-01] CHR Extension: (i New Tab) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn [2018-12-14] CHR Extension: (EagleGet Free Downloader) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2018-12-14] CHR Extension: (Chrome Media Router) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01] CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR 
HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (EagleGet Free Downloader) - C:\Users\Esteban Cárdenas\AppData\Roaming\Opera Software\Opera Stable\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2018-12-12] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-16] () [File not signed] R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [315416 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> AMD) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-05-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9678624 2019-02-07] (Microsoft Corporation -> Microsoft Corporation) R2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [459248 2016-06-23] (Intel(R) pGFX -> Intel Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.) S3 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [256504 2018-12-27] (Beijing Pu Technology Limited -> ) R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-14] (Intel Corporation - pGFX -> Intel Corporation) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [459800 2016-06-02] (HP Inc. -> HP Inc.) S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.) 
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [324592 2016-06-23] (Intel(R) pGFX -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 luminati_net_updater_win_eagleget_com; C:\Program Files (x86)\EagleGet\net_updater32.exe [3223488 2019-03-01] (Luminati Networks -> Luminati Networks Ltd.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) S3 mfevtp; C:\windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2016-12-08] (Nitro Software, Inc. -> Nitro Software, Inc.) S3 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2016-12-08] (Nitro Software, Inc. -> ) R2 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [71880 2016-12-08] (Nitro Software, Inc. -> Nalpeiron Ltd.) S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. 
-> CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-19] (Realtek Semiconductor Corp -> Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252520 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [27005464 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [506384 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-06-14] (Intel Corporation -> Intel Corporation) S3 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [87192 2016-07-03] (Beijing Jiupu Technology Co., Ltd. 
-> eagleGet) R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-06-14] (Intel Corporation -> Intel Corporation) S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2018-07-26] (Glarysoft LTD -> Glarysoft Ltd) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85656 2016-09-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-23] (SoftEther Corporation -> SoftEther Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor Corporation )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-23] (SoftEther Corporation -> SoftEther Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [63080 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (Hewlett-Packard Company -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 17:06 - 2019-03-01 17:07 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Nueva carpeta
2019-03-01 15:32 - 2019-03-01 15:32 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-03-01 15:32 - 2019-03-01 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-03-01 15:32 - 2019-03-01 15:32 - 000000000 ____D C:\Program Files\VS Revo Group
2019-03-01 07:07 - 2019-03-01 07:07 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-01 07:07 - 2019-03-01 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2019-03-01 06:54 - 2019-03-01 06:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-01 06:45 - 2019-03-01 06:49 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Windows 10
2019-02-20 23:06 - 2019-02-20 23:11 - 000033573 _____ C:\Users\Esteban Cárdenas\Desktop\Fixlog.txt
2019-02-20 23:04 - 2019-02-20 23:04 - 000000275 _____ C:\DelFix.txt
2019-02-20 18:50 - 2019-02-20 18:51 - 000075466 _____ C:\Users\Esteban Cárdenas\Desktop\Addition.txt
2019-02-20 18:48 - 2019-03-01 17:07 - 000000000 ____D C:\FRST
2019-02-20 18:48 - 2019-02-20 18:51 - 000045064 _____ C:\Users\Esteban Cárdenas\Desktop\FRST.txt
2019-02-19 23:19 - 2019-02-19 23:19 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\mbam
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\mbamtray
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-19 23:17 - 2019-02-19 23:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2019-02-19 23:16 - 2019-02-07 21:53 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Archivo 115
2019-02-19 23:10 - 2019-02-07 21:58 - 065954308 _____ C:\Users\Esteban Cárdenas\Desktop\MALWAREBYTES.rar
2019-02-19 18:19 - 2019-02-19 18:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-02-13 21:19 - 2019-02-15 15:14 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Inventario Amway
2019-02-12 13:03 - 2019-03-01 16:12 - 000003920 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-425742559-3532017336-187542989-1001
2019-02-12 13:03 - 2019-03-01 16:12 - 000000732 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-425742559-3532017336-187542989-1001.job
2019-02-12 13:03 - 2019-03-01 16:11 - 000003824 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-425742559-3532017336-187542989-1001
2019-02-12 13:03 - 2019-03-01 16:11 - 000000636 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-425742559-3532017336-187542989-1001.job
2019-02-12 13:03 - 2019-03-01 16:11 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\GoToMeeting
2019-02-12 13:01 - 2019-02-12 13:01 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\GoTo Opener
2019-02-12 10:55 - 2019-02-18 11:58 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Ingresos y Gastos Personales
2019-02-07 23:44 - 2019-02-07 23:44 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\ElevatedDiagnostics
2019-02-07 23:43 - 2018-09-20 04:43 - 001479480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-06 22:26 - 2019-02-06 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-02-06 22:26 - 2019-02-06 22:26 - 000000000 ____D C:\Program Files\qBittorrent
2019-02-06 12:38 - 2019-02-06 12:39 - 767088992 _____ C:\Users\Esteban Cárdenas\Desktop\CAMTASIA.rar
2019-02-04 13:03 - 2019-02-12 12:23 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Visas EEUU
2019-02-04 13:02 - 2019-03-01 15:49 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\CrashDumps
2019-02-04 12:20 - 2019-02-04 12:23 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\TechSmith
2019-02-04 12:19 - 2019-02-13 21:07 - 000000000 ____D C:\Users\Esteban Cárdenas\Documents\Camtasia Studio
2019-02-04 12:19 - 2019-02-04 12:19 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\TechSmith
2019-02-04 12:14 - 2019-02-04 12:14 - 000001157 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2019-02-04 12:14 - 2019-02-04 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2019-02-04 12:13 - 2019-02-04 12:13 - 000000000 ____D C:\Program Files\TechSmith

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 17:06 - 2017-02-01 23:00 - 000000000 ____D C:\Users\Esteban Cárdenas\Documents\EGDownloads
2019-03-01 17:05 - 2017-03-02 22:30 - 000000000 ____D C:\Program Files (x86)\EagleGet
2019-03-01 17:02 - 2017-11-26 22:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-01 15:49 - 2017-11-22 17:55 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-01 15:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-01 15:44 - 2017-11-26 23:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA
2019-03-01 15:44 - 2017-09-10 19:51 - 000000000 ___RD C:\Users\Esteban Cárdenas\Documents\MEGA
2019-03-01 15:27 - 2017-11-26 23:03 - 000004238 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FDEA10A7-F2F2-4FD3-8633-A6A8C42F2EDF}
2019-03-01 15:25 - 2017-02-04 00:36 - 000000000 ___RD C:\Users\Esteban Cárdenas\Dropbox
2019-03-01 15:23 - 2017-02-01 00:02 - 000000000 __SHD C:\Users\Esteban Cárdenas\IntelGraphicsProfiles
2019-03-01 07:35 - 2018-04-18 21:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2019-03-01 07:35 - 2018-01-21 11:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-03-01 07:35 - 2017-11-26 23:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2019-03-01 07:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-03-01 07:35 - 2017-05-05 09:44 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\WANARE
2019-03-01 07:35 - 2017-05-03 07:00 - 000000000 ____D C:\WINDOWS\psgo
2019-03-01 07:35 - 2017-04-29 23:49 - 000000000 ____D C:\Program Files\ByteFence
2019-03-01 07:35 - 2017-02-27 11:33 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\{BDB18BED-9919-E755-F481-C2BDD0E93E25}
2019-03-01 07:35 - 2017-02-25 19:20 - 000000000 ____D C:\ProgramData\Microleaves
2019-03-01 07:35 - 2017-02-24 21:55 - 000000000 ____D C:\Program Files (x86)\BikaQRss
2019-03-01 07:35 - 2017-02-23 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer
2019-03-01 07:35 - 2017-02-23 19:21 - 000000000 ____D C:\WINDOWS\system32\SSL
2019-03-01 07:35 - 2017-02-23 19:14 - 000000000 ____D C:\Users\Esteban C£rdenas\AppData\Local\Kuhily
2019-03-01 07:35 - 2017-02-23 19:14 - 000000000 ____D C:\Program Files (x86)\Showeckshefik Manager
2019-03-01 07:35 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-03-01 07:32 - 2017-11-26 23:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-01 07:31 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-03-01 07:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\registration
2019-03-01 07:29 - 2017-02-23 19:16 - 000000000 ____D C:\Program Files (x86)\Microleaves
2019-03-01 07:29 - 2017-02-23 19:14 - 000000000 ____D C:\Users\Esteban C£rdenas
2019-03-01 07:20 - 2017-10-05 20:55 - 000000000 ____D C:\Program Files\rempl
2019-03-01 07:14 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2019-03-01 07:14 - 2017-02-01 00:09 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-01 07:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-03-01 07:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-01 07:08 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-01 07:08 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-01 07:07 - 2019-01-16 13:46 - 000002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-01 07:07 - 2019-01-16 13:46 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-01 07:06 - 2016-07-01 09:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-01 07:02 - 2017-11-26 23:03 - 000003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1485925845
2019-03-01 07:02 - 2017-07-17 10:02 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-03-01 07:02 - 2017-02-01 00:08 - 000000000 ____D C:\Program Files\Opera
2019-03-01 06:55 - 2016-07-01 09:22 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-01 06:39 - 2017-11-26 22:46 - 000000000 ____D C:\Users\Esteban Cárdenas
2019-03-01 06:38 - 2018-05-19 23:36 - 000000990 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-01 06:38 - 2018-05-19 23:36 - 000000986 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-02-20 08:53 - 2017-11-26 22:47 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\Packages
2019-02-17 00:04 - 2018-05-27 18:12 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\qBittorrent
2019-02-16 18:55 - 2019-01-25 09:07 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Nueva carpeta (2)
2019-02-15 10:15 - 2018-12-11 08:43 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Amway
2019-02-15 09:46 - 2017-11-26 23:03 - 000004050 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-15 09:46 - 2017-11-26 23:03 - 000003818 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-13 21:35 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 21:35 - 2017-02-01 22:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 21:13 - 2017-02-01 22:10 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 11:01 - 2017-02-26 23:19 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-02-12 10:18 - 2018-04-12 12:27 - 000000000 ___HD C:\$WINDOWS.~BT
2019-02-07 23:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-07 20:16 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 22:06 - 2018-12-12 19:32 - 000001083 _____ C:\Users\Public\Desktop\EagleGet.lnk
2019-02-06 22:06 - 2018-09-28 00:29 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 22:06 - 2017-11-26 23:03 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 22:06 - 2017-02-01 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2019-02-06 21:53 - 2017-11-26 22:45 - 003038396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-06 21:53 - 2017-09-30 09:35 - 001384894 _____ C:\WINDOWS\system32\perfh00A.dat
2019-02-06 21:53 - 2017-09-30 09:35 - 000341784 _____ C:\WINDOWS\system32\perfc00A.dat
2019-02-06 21:46 - 2018-05-24 12:35 - 000414496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-06 21:45 - 2017-07-21 15:02 - 000000000 ____D C:\Program Files\CCleaner
2019-02-06 21:43 - 2019-01-14 21:44 - 000001156 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-02-06 21:43 - 2017-11-26 23:03 - 000003064 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2019-02-06 21:43 - 2017-02-26 23:20 - 000001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-02-05 02:30 - 2018-12-26 13:11 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Andrea Alvis
2019-02-04 12:13 - 2017-10-18 18:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-04 12:13 - 2017-07-21 15:04 - 000000000 ____D C:\ProgramData\TechSmith
2019-02-02 18:15 - 2018-03-29 16:04 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 18:15 - 2018-03-29 16:04 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 16:33 - 2017-02-04 00:34 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2017-02-02 00:58 - 2017-02-13 01:58 - 000000282 _____ () C:\Users\Esteban Cárdenas\AppData\Roaming\WB.CFG
2017-02-01 00:02 - 2019-03-01 15:24 - 001354475 _____ () C:\Users\Esteban Cárdenas\AppData\Local\BTServer.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-16 23:17

==================== End of FRST.txt ============================