Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Pc (administrator) on MARTISBI (SAMSUNG ELECTRONICS CO., LTD. R540/R538/SA41/E452) (29-04-2019 22:12:50)
Running from C:\Users\Pc\Downloads
Loaded Profiles: Pc (Available Profiles: Pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\SysWOW64\Rezip.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(DAEMON Tools Code Signing Services -> DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Dropbox, Inc -> Dropbox, Inc.)
C:\Users\Pc\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Users\Pc\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung Electronics CO., LTD. -> SEC) [File not signed] C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) 
[File not signed] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) [File not signed] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Spotify AB -> Spotify Ltd) C:\Users\Pc\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [Facebook Update] => C:\Users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook, Inc. -> Facebook Inc.)
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DAEMON Tools Code Signing Services -> DT Soft Ltd)
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [IRNeroReboot] => /reboot="1"
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [Dropbox Update] => C:\Users\Pc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [Spotify Web Helper] => C:\Users\Pc\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-02-27] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-233006258-18527085-3623643150-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\i420vfw.dll [83456 2010-11-03] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32-x32: [vidc.ffds] => ffdshow.ax
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\system32\ac3filter.acm [421888 2008-07-09] () [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [83456 2010-11-03] (www.helixcommunity.org) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.122\Installer\chrmstp.exe [2019-03-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-10-02]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AC95AAF-43CF-4001-9032-322715A65156} - System32\Tasks\{4A3ACC91-9B6B-4AC3-98F0-A7DFA3552D3C} => C:\Windows\system32\pcalua.exe -a C:\Users\Pc\Desktop\pci_es_smartrecovery.exe -d C:\Users\Pc\Desktop
Task: {0FDB4D25-9981-4C41-987A-7403ADF39B21} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {1B5BE0A6-0F93-4ED5-9E2F-0952342C9222} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001UA => C:\Users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook, Inc. -> Facebook Inc.)
Task: {1B620F69-C532-4C53-BD8D-DC597C3EFA40} - System32\Tasks\{8437E2FA-63D8-4C83-8054-7BCCB28B8A70} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {427193FC-D1F0-47DC-89B4-C52B6B39B032} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {4607EE4B-0EDD-4411-860E-20D73A72704E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58EDCBEA-378C-40E5-9675-81F61F8CC774} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {58F3F9CC-BCBF-473F-9704-627549D47D7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-14] (Google Inc -> Google Inc.)
Task: {5A6A2F67-F10A-4BD1-9609-82FED179BE04} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001Core => C:\Users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook, Inc. -> Facebook Inc.)
Task: {7A4E0893-DA89-43D6-8E0A-ED44B1016E4E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [356352 2010-03-29] (SAMSUNG Electronics co., LTD.) [File not signed]
Task: {90F42A99-C814-46A3-AD8C-1B1D9D3DCC73} - System32\Tasks\{1FBFDAA0-9E00-4B37-B762-C98F1309BC88} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {9D751E82-5560-4E24-A128-BEC7E376CA15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-14] (Google Inc -> Google Inc.)
Task: {9F8313F3-41C2-4772-AF77-B9EC08FE6145} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {A8351280-B4B1-4B3E-86D8-82EB8BAD9710} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1749504 2010-05-06] (SAMSUNG Electronics) [File not signed]
Task: {BCE4A354-1627-425F-90A5-30899DBAC62F} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [843264 2010-04-07] (Samsung Electronics Co., Ltd.) [File not signed]
Task: {D1D7DC3F-DDA3-4170-AED0-C67B2CE827CF} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles(x86)%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {D1D7DC3F-DDA3-4170-AED0-C67B2CE827CF} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360 [719360 2010-02-10]] (Samsung Electronics Co., Ltd.) [File not signed]
Task: {DC1C396E-85AC-45A8-848A-89F723AD9623} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [6624768 2010-04-17] (Samsung Electronics. Co. Ltd.) [File not signed]
Task: {FEA84312-C5C3-400E-BCA2-8436BFB67093} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192 2010-01-19] (Samsung Electronics CO., LTD. -> SEC) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001Core1d4c499dcb36952.job => C:\Users\Pc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001Core.job => C:\Users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001UA.job => C:\Users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d136b5a62a851e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d163f92ead0715.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafe9ce66b8d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1eb06af2711b2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.60.205.173 213.60.205.175
Tcpip\..\Interfaces\{65B5263D-22EB-4206-9C00-533276B33C0B}: [DhcpNameServer] 213.60.205.173 213.60.205.175
Tcpip\..\Interfaces\{BC03D5C6-11D5-46F5-8C43-9F54ED431D27}: [NameServer] 8.8.8.8,8.8.4.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-233006258-18527085-3623643150-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Oxford University Press\MosaicLevel3Ipack\Profiles\qdj1qm5z.default [2018-02-14]
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Oxford University Press\MosaicIpackLevel4\Profiles\33gue1yg.default [2018-03-04]
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Oxford University Press\EnglishPlusIpack3\Profiles\zhsdy5sm.default [2013-09-16]
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\319cxptg.default [2019-04-25]
FF Homepage: Mozilla\Firefox\Profiles\319cxptg.default -> hxxp://google.com
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-10-01] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-08-08] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-10] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-16] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\319cxptg.default\searchplugins\McSiteAdvisor.xml [2018-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corporation -> Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-30] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-233006258-18527085-3623643150-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Software Sarl -> Skype Limited)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-01-16]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default [2019-04-29]
CHR Extension: (Documentos) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Búsqueda de Google) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Hojas de cálculo) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Show Image Info) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbihagiibpgbmmfcdkbnlnoiegmkeiki [2017-01-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-22]
CHR Profile: C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-25]
CHR Profile: C:\Users\Pc\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [202752 2010-05-05] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.122\elevation_service.exe [1070600 2019-03-06] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] (Even Balance, Inc. -> )
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6789632 2010-05-05] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [221184 2010-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476776 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [385848 2019-04-24] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1573888 2009-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-29] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6789632 2010-05-05] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 cmshusbser; C:\Windows\System32\DRIVERS\cmshusbser.sys [127232 2014-10-29] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [136192 2010-04-01] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronics Corp.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-03-25] (TestCertforWDK -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [117504 2010-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [114304 2010-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-04-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-07-05] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\Windows\system32\Drivers\SABI.sys [13824 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-03] () [File not signed]
U3 agmvc5gw; C:\Windows\System32\Drivers\agmvc5gw.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EverestDriver; \??\C:\Users\Pc\AppData\Local\Temp\Rar$EX53.520\kerneld.amd64 [X] <==== ATTENTION


==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-29 22:09 - 2019-04-29 22:13 - 000034262 _____ C:\Users\Pc\Downloads\FRST.txt
2019-04-29 22:09 - 2019-04-29 22:09 - 000000000 ____D C:\FRST
2019-04-29 22:07 - 2019-04-29 22:08 - 002429952 _____ (Farbar) C:\Users\Pc\Downloads\FRST64.exe
2019-04-29 18:14 - 2019-04-29 18:14 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-29 18:09 - 2019-04-29 18:09 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-29 18:09 - 2019-04-29 18:09 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-29 18:03 - 2019-04-29 18:03 - 000000000 ___HD C:\OneDriveTemp
2019-04-29 18:01 - 2019-04-29 18:01 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-27 12:56 - 2019-04-27 12:56 - 005330140 _____ C:\Users\Pc\Downloads\Día do Libro 19.mp4
2019-04-26 20:44 - 2019-04-26 20:44 - 000000000 ____D C:\Users\Pc\Downloads\Photos
2019-04-26 20:43 - 2019-04-26 20:44 - 010047208 _____ C:\Users\Pc\Downloads\Photos.zip
2019-04-25 13:23 - 2019-04-25 13:23 - 000013858 _____ C:\Users\Pc\Desktop\ZHPCleaner (R).txt
2019-04-25 13:22 - 2019-04-25 13:22 - 000014532 _____ C:\Users\Pc\Desktop\ZHPCleaner (S).txt
2019-04-25 12:22 - 2019-04-25 12:23 - 000000000 ____D C:\AdwCleaner
2019-04-24 22:20 - 2019-04-25 13:23 - 000000000 ____D C:\Users\Pc\AppData\Roaming\ZHP
2019-04-24 22:20 - 2019-04-24 22:20 - 000000827 _____ C:\Users\Pc\Desktop\ZHPCleaner.lnk
2019-04-24 22:20 - 2019-04-24 22:20 - 000000000 ____D C:\Users\Pc\AppData\Local\ZHP
2019-04-24 22:19 - 2019-04-24 22:20 - 021254208 _____ (Piriform Software Ltd) C:\Users\Pc\Downloads\ccsetup556.exe
2019-04-24 22:19 - 2019-04-24 22:19 - 003133312 _____ C:\Users\Pc\Downloads\ZHPCleaner.exe
2019-04-24 22:19 - 2019-04-24 22:19 - 000000000 ____D C:\Users\Pc\AppData\Local\mbam
2019-04-24 22:18 - 2019-04-24 22:18 - 007025360 _____ (Malwarebytes) C:\Users\Pc\Downloads\adwcleaner_7.3.exe
2019-04-24 22:18 - 2019-04-24 22:18 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-04-24 22:18 - 2019-04-24 22:18 - 000000000 ____D C:\Users\Pc\AppData\Local\mbamtray
2019-04-24 22:17 - 2019-04-24 22:17 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-24 22:17 - 2019-04-24 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-24 22:17 - 2019-04-24 22:17 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-24 22:17 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-04-24 22:16 - 2019-04-24 22:16 - 062879864 _____ (Malwarebytes ) C:\Users\Pc\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10310.exe
2019-04-24 18:33 - 2019-04-24 18:33 - 001406333 _____ C:\Users\Pc\Desktop\milagros.pdf
2019-04-24 18:30 - 2019-04-24 18:30 - 001393260 _____ C:\Users\Pc\Desktop\lucía contrato.pdf
2019-04-24 17:44 - 2019-04-24 17:44 - 000000000 ____D C:\Users\Pc\AppData\Roaming\HPPSDr
2019-04-24 17:29 - 2019-04-24 17:29 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-24 17:28 - 2019-04-24 17:25 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-04-24 17:11 - 2019-04-24 17:11 - 000000000 ____D C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-17 13:12 - 2019-04-24 17:44 - 000002000 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2019-04-08 15:08 - 2019-04-08 15:08 - 000102633 _____ C:\Users\Pc\Downloads\CAMBIO HORAIO OPORTO ALEMANIA.pdf
2019-04-03 16:28 - 2019-04-03 17:34 - 000013624 _____ C:\Users\Pc\Desktop\nobel.odt

==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-29 21:56 - 2012-09-24 14:15 - 000000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-04-29 20:41 - 2015-12-14 23:23 - 000001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-04-29 19:50 - 2011-10-24 13:40 - 000001104 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001UA.job
2019-04-29 18:27 - 2009-07-14 06:45 - 000022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-29 18:27 - 2009-07-14 06:45 - 000022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-29 18:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2019-04-29 18:03 - 2019-03-22 19:50 - 000000000 ___RD C:\Users\Pc\OneDrive
2019-04-29 18:01 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-28 18:48 - 2010-06-01 23:56 - 000747986 _____ C:\Windows\system32\perfh00A.dat
2019-04-28 18:48 - 2010-06-01 23:56 - 000159426 _____ C:\Windows\system32\perfc00A.dat
2019-04-28 18:48 - 2009-07-14 07:13 - 001678290 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-28 18:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-28 18:47 - 2018-07-17 10:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-04-27 22:50 - 2011-10-24 13:40 - 000001082 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-233006258-18527085-3623643150-1001Core.job
2019-04-25 13:34 - 2011-11-03 22:10 - 000000000 ____D C:\Users\Pc\AppData\Local\ElevatedDiagnostics
2019-04-24 22:22 - 2013-02-04 23:05 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-24 22:18 - 2013-02-04 23:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-24 17:46 - 2018-06-08 17:48 - 000000000 ____D C:\ProgramData\HP
2019-04-24 17:29 - 2018-06-08 18:18 - 000476776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-24 17:29 - 2018-06-08 18:18 - 000385848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-04-24 17:26 - 2019-02-15 21:22 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-04-24 17:26 - 2018-10-20 08:55 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-04-24 17:26 - 2018-06-08 18:18 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-04-24 17:26 - 2018-06-08 18:18 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-04-24 17:26 - 2018-06-08 18:18 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-04-24 17:26 - 2018-06-08 18:18 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-04-24 17:25 - 2019-01-25 13:42 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-04-24 17:25 - 2019-01-04 12:02 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-04-24 17:25 - 2019-01-04 12:02 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-04-24 17:25 - 2019-01-04 12:02 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-04-24 17:25 - 2019-01-04 12:02 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-04-24 17:25 - 2018-06-08 18:18 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-04-24 17:25 - 2018-06-08 18:18 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-04-24 17:12 - 2012-02-02 00:01 - 000000000 ____D C:\Users\Pc\AppData\Roaming\Dropbox
2019-04-19 11:21 - 2012-02-02 00:05 - 000000000 ___RD C:\Users\Pc\Dropbox
2019-04-17 21:10 - 2019-03-22 19:50 - 000002177 _____ C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-04-17 13:12 - 2018-06-08 17:52 - 000000000 ____D C:\Program Files (x86)\HP
2019-04-17 10:28 - 2014-03-10 12:19 - 001652876 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-11 06:43 - 2015-12-14 23:24 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 22:56 - 2012-09-24 14:15 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-09 22:56 - 2012-09-24 14:15 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-09 22:56 - 2011-08-10 12:28 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-07 13:05 - 2014-10-17 18:59 - 000000000 ____D C:\Users\Pc\AppData\Roaming\TeamViewer
2019-04-07 13:05 - 2013-06-06 18:46 - 000000000 ____D C:\Users\Pc\AppData\Roaming\uTorrent
2019-04-07 13:04 - 2012-02-12 17:46 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2005-04-08 04:16 - 2015-12-14 22:28 - 006437723 ____H () C:\Users\Pc\AppData\Roaming\Pclog.dat
2010-10-02 13:22 - 2011-09-15 17:44 - 000001318 _____ () C:\Users\Pc\AppData\Roaming\wklnhst.dat
2010-10-14 16:40 - 2015-05-04 17:42 - 000030208 _____ () C:\Users\Pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-29 16:33 - 2016-11-29 16:33 - 000465920 _____ (Dirección General de la Policía) C:\Users\Pc\AppData\Local\DNIeService.exe
2012-03-15 21:44 - 2012-03-15 21:44 - 000017408 _____ () C:\Users\Pc\AppData\Local\WebpageIcons.db

==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-23 10:27

==================== End of FRST.txt ============================