Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 Ran by Esteban Cárdenas (administrator) on LAPTOP-9VHJ613J (20-02-2019 18:48:56) Running from C:\Users\Esteban Cárdenas\Desktop Loaded Profiles: Esteban Cárdenas & (Available Profiles: Esteban Cárdenas) Platform: Windows 10 Home Single Language Version 1709 16299.431 (X64) Language: Español (México) Default browser: Opera Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe (Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (HP Inc.) 
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (The Qt Company Ltd.) 
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\700752213883ed000bfbd2f301dcea4d\WindowsUpdateBox.exe (Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe (EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation) ...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-19] (Realtek Semiconductor Corp -> Realtek Semiconductor) ...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-05-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) ...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629992 2016-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc. -> Apple Inc.) ...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.) ...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [268896 2016-04-14] (Hewlett-Packard Company -> HP) ...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4190016 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.) 
HKLM\...\Policies\Explorer: [NoActiveDesktop] C:\Windows\SysWOW64\1 [0 2017-04-29] () HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] C:\Windows\SysWOW64\1 [0 2017-04-29] () HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {332490d8-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {33249fef-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {44885646-c20b-11e8-b943-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001\...\MountPoints2: {d157db3d-a215-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\MountPoints2: {332490d8-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\MountPoints2: {33249fef-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\MountPoints2: {44885646-c20b-11e8-b943-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\...\MountPoints2: {d157db3d-a215-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\MountPoints2: {332490d8-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\MountPoints2: {33249fef-aa6a-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\MountPoints2: {44885646-c20b-11e8-b943-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\...\MountPoints2: {d157db3d-a215-11e8-b942-ccb0da353ad8} - "F:\HiSuiteDownLoader.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] 
(Google LLC -> Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-01-31] ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () Startup: C:\Users\Esteban Cárdenas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-09-10] ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited) BootExecute: autocheck autochk * GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 190.157.8.1 Tcpip\..\Interfaces\{1786339f-d71c-448f-9a92-9565bb62d23f}: [DhcpNameServer] 190.157.8.33 190.157.8.1 Tcpip\..\Interfaces\{726d753f-cbd0-4be9-9152-47b3304cc512}: [DhcpNameServer] 190.157.8.33 190.157.8.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764191888&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764227764&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-425742559-3532017336-187542989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764218620&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\S-1-5-21-425742559-3532017336-187542989-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764218620&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131384702764218620&GUID=1A9D675D-5B11-4A91-88FB-15C95BA03A2B HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKU\S-1-5-21-425742559-3532017336-187542989-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = SearchScopes: HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = SearchScopes: HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2018-12-27] (Beijing Pu Technology Limited -> EagleGet.com) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program 
Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-16] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [eagleget_ffext@eagleget.com] - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi FF Extension: (EagleGet Free Downloader) - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi [2018-06-21] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-16] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-16] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2016-12-08] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) 
FF Plugin HKU\S-1-5-21-425742559-3532017336-187542989-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2018-02-05] (EagleGet) FF Plugin HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2018-02-05] (EagleGet) FF Plugin HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2018-02-05] (EagleGet) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR HomePage: ChromeDefaultData -> hxxp://www.google.com.co/ CHR Profile: C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2019-02-18] <==== ATTENTION CHR Extension: (Documentos de Google sin conexión) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-01] CHR Extension: (i New Tab) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn [2019-02-18] CHR Extension: (EagleGet Free Downloader) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2018-12-14] CHR Extension: (Chrome Media Router) - C:\Users\Esteban Cárdenas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01] CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-03-02] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files 
(x86)\EagleGet\addon\eagleget_newtab.crx [2017-04-16] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-03-02] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2017-04-16] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192019235137977\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-03-02] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2017-04-16] CHR HKU\S-1-5-21-425742559-3532017336-187542989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202019084707030\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-03-02] CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2017-04-16] CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-03-02] Opera: ======= OPR Extension: (EagleGet Free Downloader) - C:\Users\Esteban Cárdenas\AppData\Roaming\Opera Software\Opera Stable\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo 
[2018-12-12] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-16] () [File not signed] R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [315416 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> AMD) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-05-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677904 2018-12-28] (Microsoft Corporation -> Microsoft Corporation) R2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [459248 2016-06-23] (Intel(R) pGFX -> Intel Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-31] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.) S3 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [256504 2018-12-27] (Beijing Pu Technology Limited -> ) R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-14] (Intel Corporation - pGFX -> Intel Corporation) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [459800 2016-06-02] (HP Inc. -> HP Inc.) S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.) 
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [324592 2016-06-23] (Intel(R) pGFX -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) S2 luminati_net_updater_win_eagleget_com; C:\Program Files (x86)\EagleGet\net_updater32.exe [1596336 2019-02-06] (Luminati Networks -> Luminati Networks Ltd.) R2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) S3 mfevtp; C:\windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc. -> McAfee, Inc.) R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2016-12-08] (Nitro Software, Inc. -> Nitro Software, Inc.) S3 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2016-12-08] (Nitro Software, Inc. -> ) R2 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [71880 2016-12-08] (Nitro Software, Inc. -> Nalpeiron Ltd.) S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. 
-> CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-19] (Realtek Semiconductor Corp -> Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252520 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [27005464 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [506384 2016-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-06-14] (Intel Corporation -> Intel Corporation) S3 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [87192 2016-07-03] (Beijing Jiupu Technology Co., Ltd. 
-> eagleGet) R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-06-14] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2018-07-26] (Glarysoft LTD -> Glarysoft Ltd) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85656 2016-09-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc. -> McAfee, Inc.) 
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-23] (SoftEther Corporation -> SoftEther Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-23] (SoftEther Corporation -> SoftEther Corporation) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [63080 2016-05-19] (Synaptics Incorporated -> Synaptics Incorporated) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (Hewlett-Packard Company -> HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-20 18:48 - 2019-02-20 18:49 - 000032131 _____ C:\Users\Esteban Cárdenas\Desktop\FRST.txt
2019-02-20 18:48 - 2019-02-20 18:48 - 000000000 ____D C:\FRST
2019-02-20 18:47 - 2019-02-20 06:07 - 002435072 _____ (Farbar) C:\Users\Esteban Cárdenas\Desktop\FRST64.exe
2019-02-20 15:41 - 2019-02-20 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-19 23:51 - 2019-02-19 23:51 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-19 23:51 - 2019-02-19 23:51 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-19 23:51 - 2019-02-19 23:51 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-19 23:19 - 2019-02-19 23:19 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\mbam
2019-02-19 23:18 - 2019-02-19 23:18 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-19 23:18 - 2019-02-19 23:18 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\etc\BACKUP
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\mbamtray
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 23:18 - 2019-02-19 23:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-19 23:18 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-19 23:18 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-19 23:17 - 2019-02-19 23:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2019-02-19 23:16 - 2019-02-07 21:53 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Archivo 115
2019-02-19 23:10 - 2019-02-07 21:58 - 065954308 _____ C:\Users\Esteban Cárdenas\Desktop\MALWAREBYTES.rar
2019-02-19 18:19 - 2019-02-19 18:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-19 18:19 - 2019-02-19 18:19 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-02-19 00:11 - 2017-04-03 02:56 - 002975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\Esteban Cárdenas\Desktop\avira_registry_cleaner_en.exe
2019-02-13 21:19 - 2019-02-15 15:14 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Inventario Amway
2019-02-12 13:03 - 2019-02-19 00:14 - 000000732 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-425742559-3532017336-187542989-1001.job
2019-02-12 13:03 - 2019-02-19 00:14 - 000000636 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-425742559-3532017336-187542989-1001.job
2019-02-12 13:03 - 2019-02-13 23:50 - 000003920 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-425742559-3532017336-187542989-1001
2019-02-12 13:03 - 2019-02-13 23:50 - 000003824 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-425742559-3532017336-187542989-1001
2019-02-12 13:03 - 2019-02-13 23:50 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\GoToMeeting
2019-02-12 13:01 - 2019-02-12 13:01 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\GoTo Opener
2019-02-12 10:55 - 2019-02-18 11:58 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Ingresos y Gastos Personales
2019-02-07 23:44 - 2019-02-07 23:44 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\ElevatedDiagnostics
2019-02-07 23:43 - 2018-09-20 04:43 - 001479480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-06 22:26 - 2019-02-06 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-02-06 22:26 - 2019-02-06 22:26 - 000000000 ____D C:\Program Files\qBittorrent
2019-02-06 12:38 - 2019-02-06 12:39 - 767088992 _____ C:\Users\Esteban Cárdenas\Desktop\CAMTASIA.rar
2019-02-04 13:03 - 2019-02-12 12:23 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Visas EEUU
2019-02-04 13:02 - 2019-02-19 23:08 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\CrashDumps
2019-02-04 12:20 - 2019-02-04 12:23 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\TechSmith
2019-02-04 12:19 - 2019-02-13 21:07 - 000000000 ____D C:\Users\Esteban Cárdenas\Documents\Camtasia Studio
2019-02-04 12:19 - 2019-02-04 12:19 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\TechSmith
2019-02-04 12:14 - 2019-02-04 12:14 - 000001157 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2019-02-04 12:14 - 2019-02-04 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2019-02-04 12:13 - 2019-02-04 12:13 - 000000000 ____D C:\Program Files\TechSmith
2019-01-25 09:07 - 2019-02-16 18:55 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Nueva carpeta (2)
2019-01-24 02:57 - 2019-01-24 02:57 - 000000659 _____ C:\Users\Esteban Cárdenas\Desktop\LA SOMBRA DEL SILENCIO.txt
2019-01-23 18:51 - 2019-01-23 18:51 - 002839772 _____ C:\Users\Esteban Cárdenas\Downloads\60. INDUCCION Y REINDUCCION OXITENO 2017 ok.pptx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-20 18:48 - 2017-02-01 23:00 - 000000000 ____D C:\Users\Esteban Cárdenas\Documents\EGDownloads
2019-02-20 18:47 - 2017-03-02 22:30 - 000000000 ____D C:\Program Files (x86)\EagleGet
2019-02-20 18:36 - 2017-11-26 22:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-20 17:24 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-02-20 17:15 - 2017-11-22 17:55 - 000000000 ___DC C:\WINDOWS\Panther
2019-02-20 15:42 - 2017-02-04 00:36 - 000000000 ___RD C:\Users\Esteban Cárdenas\Dropbox
2019-02-20 15:41 - 2016-07-01 09:22 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-02-20 15:25 - 2017-02-01 00:02 - 000000000 __SHD C:\Users\Esteban Cárdenas\IntelGraphicsProfiles
2019-02-20 08:53 - 2017-11-26 22:47 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\Packages
2019-02-20 08:53 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-20 08:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-19 23:51 - 2017-11-26 23:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-19 23:49 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-19 23:47 - 2017-04-29 23:49 - 000000000 ____D C:\Program Files\ByteFence
2019-02-19 23:18 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-19 21:06 - 2017-11-26 23:03 - 000004238 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FDEA10A7-F2F2-4FD3-8633-A6A8C42F2EDF}
2019-02-19 08:07 - 2017-09-10 19:50 - 000000000 ____D C:\ProgramData\MEGAsync
2019-02-19 00:14 - 2018-05-19 23:36 - 000000990 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-02-19 00:14 - 2018-05-19 23:36 - 000000986 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-02-17 00:04 - 2018-05-27 18:12 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\qBittorrent
2019-02-15 10:15 - 2018-12-11 08:43 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Amway
2019-02-15 09:52 - 2017-10-05 20:55 - 000000000 ____D C:\Program Files\rempl
2019-02-15 09:46 - 2017-11-26 23:03 - 000004050 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-15 09:46 - 2017-11-26 23:03 - 000003818 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-13 21:35 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 21:35 - 2017-02-01 22:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 21:13 - 2017-02-01 22:10 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 21:12 - 2017-11-26 23:03 - 000003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1485925845
2019-02-13 21:12 - 2017-07-17 10:02 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-02-13 21:12 - 2017-02-01 00:08 - 000000000 ____D C:\Program Files\Opera
2019-02-13 21:11 - 2017-02-01 00:09 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-12 23:33 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-12 11:01 - 2017-02-26 23:19 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-02-12 10:18 - 2018-04-12 12:27 - 000000000 ___HD C:\$WINDOWS.~BT
2019-02-07 23:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-07 21:24 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2019-02-07 20:16 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 22:07 - 2017-02-01 01:39 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 22:06 - 2018-12-12 19:32 - 000001083 _____ C:\Users\Public\Desktop\EagleGet.lnk
2019-02-06 22:06 - 2018-09-28 00:29 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 22:06 - 2017-11-26 23:03 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 22:06 - 2017-02-01 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2019-02-06 21:53 - 2017-11-26 22:45 - 003038396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-06 21:53 - 2017-09-30 09:35 - 001384894 _____ C:\WINDOWS\system32\perfh00A.dat
2019-02-06 21:53 - 2017-09-30 09:35 - 000341784 _____ C:\WINDOWS\system32\perfc00A.dat
2019-02-06 21:46 - 2018-05-24 12:35 - 000414496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-06 21:45 - 2017-07-21 15:02 - 000000000 ____D C:\Program Files\CCleaner
2019-02-06 21:43 - 2019-01-14 21:44 - 000001156 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-02-06 21:43 - 2017-11-26 23:03 - 000003064 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2019-02-06 21:43 - 2017-02-26 23:20 - 000001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-02-05 02:30 - 2018-12-26 13:11 - 000000000 ____D C:\Users\Esteban Cárdenas\Desktop\Andrea Alvis
2019-02-04 12:13 - 2017-10-18 18:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-04 12:13 - 2017-07-21 15:04 - 000000000 ____D C:\ProgramData\TechSmith
2019-02-02 18:15 - 2018-03-29 16:04 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 18:15 - 2018-03-29 16:04 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 16:33 - 2017-02-04 00:34 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Local\Dropbox
2019-01-27 08:12 - 2018-12-27 21:50 - 000000000 __RDL C:\Users\Esteban Cárdenas\OneDrive - ANLA - Autoridad Nacional de Licencias Ambientales
2019-01-23 15:36 - 2017-02-13 18:05 - 000000000 ____D C:\Users\Esteban Cárdenas\AppData\Roaming\Nitro

==================== Files in the root of some directories =======

2017-02-02 00:58 - 2017-02-13 01:58 - 000000282 _____ () C:\Users\Esteban Cárdenas\AppData\Roaming\WB.CFG
2017-02-01 00:02 - 2019-02-20 18:37 - 001344038 _____ () C:\Users\Esteban Cárdenas\AppData\Local\BTServer.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-16 23:17

==================== End of FRST.txt ============================