Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2019 Ran by Jesus (administrator) on HPCOMPAQ (Hewlett-Packard HP d530 CMT(DC577AV)) (11-07-2019 18:44:52) Running from C:\Users\Jesus\Desktop Loaded Profiles: Jesus (Available Profiles: Jesus) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\ASUS USB-N13 Wireless LAN Driver\WPSService20.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Nero AG -> Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG -> Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) 
[File not signed] C:\Windows\System32\IoctlSvc.exe (Shenzhen Moyea Software -> ) C:\Program Files\Common Files\Appkeys\yytool.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG -> Nero AG) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [MSSE] => C:\Program Files\Microsoft Security Essentials\msseces.exe [1093208 2010-06-01] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG -> Nero AG) HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcodec2.dll [305000 2017-12-14] (Logitech, Inc. -> Logitech Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] -> C:\Windows\system32\advpack.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ST5UNST Uninstaller.LNK [2019-01-31] ShortcutTarget: ST5UNST Uninstaller.LNK -> C:\Windows\ST5UNST.EXE (Microsoft Corporation) [File not signed] GroupPolicy: Restriction ? 
<==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR HKU\S-1-5-21-1081597828-3468294824-614267853-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0D9F9892-18B1-4093-B21C-D9F435B89B59} - System32\Tasks\{2DB42293-1F51-41EC-9F8E-99776A7DCB77} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x64.exe -d C:\Users\Jesus\Desktop Task: {17CD6126-66AE-482A-8A72-37E8957141F9} - \{0D0F0947-7F0F-0D09-0411-7F057F09117E} -> No File <==== ATTENTION Task: {29D3979F-0E19-44D0-A052-C2BD2B691266} - System32\Tasks\{87A46C48-B1F8-47EA-AA3C-6A3AAE8140D0} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x86.exe -d C:\Users\Jesus\Desktop Task: {400DA2B2-5D5D-44C5-AF8A-A8E706671273} - System32\Tasks\{494DB375-A215-4FB2-83C0-CF96388B8615} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Downloads\covermania.exe -d C:\Users\Jesus\Downloads Task: {4166E8E5-9828-4C03-AAAA-5F8042511660} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {4EA38C87-2444-425E-B204-41906463FEC0} - System32\Tasks\{AAABCBF9-8CDD-41CC-8455-FA3CA8EB4656} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x86.exe -d C:\Users\Jesus\Desktop Task: {572630E7-55A5-4B22-8E94-4810612ADD35} - System32\Tasks\{10CA7B48-7836-49E8-9091-105D97BF26E8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Jesus\Desktop\Disco duro HP Barcelona\descar programas\covermania.exe" -d "C:\Users\Jesus\Desktop\Disco duro HP Barcelona\descar programas" Task: {6E877B5C-7D70-4504-9407-486E7C90ECBF} - System32\Tasks\{BADEFD76-A40E-4940-B0DC-8A24058A3AA1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller 
Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro" Task: {700111B5-CF89-4AC1-9EF5-DF52F6D08909} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {7A5188BA-C71C-4B0A-A2E3-28D6A7104730} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation) Task: {9989F82F-F111-41FD-9EA1-42AC818A93A3} - System32\Tasks\{3C197E48-B381-4E29-8EB0-214D56994696} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\AppData\Local\Temp\jre-8u211-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {AAC507DB-49FF-4B4E-ACBB-0073EF9927AF} - System32\Tasks\{C8E5A939-72EE-4066-AC8A-AC33C72D40F1} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {B025D82E-5872-44F5-9D9A-E86193A9FB8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {B2EFB78B-75C2-4964-8A92-C9042F8AD28C} - System32\Tasks\{5DE9A448-1CDC-401A-9A38-9E949F087244} => C:\Windows\system32\pcalua.exe -a "H:\Nueva carpeta\Nueva carpeta\disco del compaq presario 6 del 2014\documentos yprog\Programas\covermania.exe" Task: {B4E27ACD-11DB-45F2-8C2C-EB1AE5176240} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {D8F22DF8-23B6-41FB-9CF0-A54F350AD6D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. 
-> Adobe) Task: {DAAEBA77-ADA3-4A4B-BB4A-F1C3C3BC109D} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {F0746E05-9613-4473-B790-5BD52A5A0316} - System32\Tasks\{165116D1-8B58-4DDC-A568-43C3D1F08CE1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{01155619-D5B4-455B-86F3-80F74E8481EB}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{05436967-3380-4719-BFC3-133402B5FBAC}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{05436967-3380-4719-BFC3-133402B5FBAC}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{1924F672-085B-441A-91F7-033E2479FF1B}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{1924F672-085B-441A-91F7-033E2479FF1B}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://es.yahoo.com/?fr=fp-yie11 HKU\S-1-5-21-1081597828-3468294824-614267853-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp HKU\S-1-5-21-1081597828-3468294824-614267853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.yahoo.com/?fr=fp-yie11 BHO: Groove GFS Browser Helper -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation) DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default [2019-06-27] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Leawo_service; C:\Program Files\Common Files\Appkeys\yytool.exe [942576 2015-08-11] (Shenzhen Moyea Software -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation) R2 WPSService20; C:\Program Files\ASUS USB-N13 Wireless LAN Driver\WPSService20.exe [96768 2014-05-06] () [File not signed] S2 bpwhajf; C:\Windows\system32\bpwhajf\siohiqgp.exe /d"C:\Users\Jesus\copjeaby.exe" ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) R3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [415000 2015-07-03] (Broadcom Corporation -> Broadcom Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-12-19] (SurfRight B.V. -> ) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-16] (Martin Malik - REALiX -> REALiX(tm)) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-07-11] (Malwarebytes Corporation -> Malwarebytes) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security S.L -> Panda Security, S.L.) 
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (Microsoft Windows Hardware Compatibility Publisher -> NETGEAR Inc. ) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3238616 2015-10-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation ) R3 smwdm; C:\Windows\System32\drivers\smwdm.sys [220992 2005-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-07-11 18:44 - 2019-07-11 18:47 - 000014368 _____ C:\Users\Jesus\Desktop\FRST.txt 2019-07-11 18:44 - 2019-07-11 18:44 - 000000000 ____D C:\FRST 2019-07-11 18:41 - 2019-07-11 18:44 - 000000554 _____ C:\Users\Jesus\Desktop\JRT.txt 2019-07-11 18:38 - 2019-07-11 18:38 - 000002620 _____ C:\Users\Jesus\Desktop\AdwCleaner[C00].txt 2019-07-11 18:37 - 2019-07-11 18:37 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-07-11 18:31 - 2019-07-11 18:31 - 000000000 ____D C:\Users\Jesus\AppData\Local\mbam 2019-07-11 18:30 - 2019-07-11 18:30 - 000001957 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-07-11 18:30 - 2019-07-11 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-07-11 18:29 - 2019-07-11 18:29 - 000000000 ____D C:\Program Files\Malwarebytes 2019-07-11 18:29 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2019-07-11 18:26 - 2019-07-11 18:26 - 001446912 _____ (Farbar) C:\Users\Jesus\Desktop\FRST.exe 2019-07-11 18:22 - 2019-07-11 18:22 - 001790024 _____ (Malwarebytes) C:\Users\Jesus\Desktop\JRT.exe 2019-07-11 
18:21 - 2019-07-11 18:21 - 007025360 _____ (Malwarebytes) C:\Users\Jesus\Desktop\adwcleaner_7.3.exe 2019-07-11 18:20 - 2019-07-11 18:20 - 064522520 _____ (Malwarebytes ) C:\Users\Jesus\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11482.exe 2019-07-11 16:38 - 2019-07-11 16:42 - 000000000 ____D C:\Program Files\Microsoft Security Essentials 2019-07-11 16:36 - 2019-07-11 16:36 - 000000055 _____ C:\Users\Jesus\AppData\Roaming\mbam.context.scan 2019-07-11 16:35 - 2019-07-11 16:47 - 000000000 ____D C:\Users\Jesus\Desktop\nuevo Malwarebytes 2019-06-28 19:41 - 2013-04-29 08:17 - 000047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2019-06-27 18:00 - 2019-06-27 18:00 - 000001146 _____ C:\Users\Public\Documents\_readme.txt 2019-06-27 18:00 - 2019-06-27 18:00 - 000001146 _____ C:\ProgramData\_readme.txt 2019-06-27 17:59 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Local\f69c7d41-8f50-489b-b568-9de6f7fac37f 2019-06-27 17:59 - 2019-06-27 17:59 - 000001146 _____ C:\Users\Jesus\_readme.txt 2019-06-27 17:59 - 2019-06-27 17:59 - 000000000 ____D C:\SystemID 2019-06-27 17:38 - 2019-07-11 18:35 - 000000000 ____D C:\AdwCleaner 2019-06-27 16:54 - 2019-06-28 22:41 - 007648856 _____ C:\Windows\ntbtlog.txt 2019-06-27 16:52 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Roaming\Intel Rapid 2019-06-27 16:51 - 2019-06-27 16:51 - 000000000 ____D C:\Windows\system32\bpwhajf 2019-06-27 16:50 - 2019-07-11 15:43 - 000000000 ____D C:\ProgramData\cf4620d67a 2019-06-27 16:50 - 2019-06-27 16:51 - 000000000 _____ C:\ProgramData\0 2019-06-27 16:50 - 2019-06-27 16:50 - 000000000 ____D C:\Program Files (x86) 2019-06-27 16:44 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Local\App 2019-06-27 15:38 - 2019-06-27 15:38 - 000000000 ____D C:\ProgramData\{535BC512-FCF5-C288-8DE1-0B4E8D06521F} 2019-06-27 15:38 - 2019-06-27 15:38 - 000000000 ____D C:\ProgramData\{154D6452-5DB5-849E-CD40-1D08CDA74459} 2019-06-27 15:37 - 2019-06-27 15:37 - 
000000000 ____D C:\ProgramData\{456B9E1A-A7FD-D4B8-85BA-3B58855D6209} ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-07-11 18:44 - 2009-07-14 06:34 - 000014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-07-11 18:44 - 2009-07-14 06:34 - 000014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-07-11 18:36 - 2014-10-11 09:08 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2019-07-11 18:36 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-07-11 18:29 - 2015-12-12 11:50 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-07-11 16:38 - 2014-10-11 20:20 - 000001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2019-07-11 15:46 - 2014-10-10 14:31 - 000001051 _____ C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-07-10 16:37 - 2014-10-10 17:43 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe 2019-07-10 16:37 - 2014-10-10 17:43 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl 2019-07-10 16:36 - 2019-04-30 08:49 - 000722944 _____ C:\Users\Jesus\AppData\Local\sha.db 2019-07-10 16:35 - 2019-02-23 10:46 - 000001033 _____ C:\Users\Jesus\Desktop\Internet Explorer.lnk 2019-07-10 16:35 - 2014-10-10 17:43 - 000000000 ____D C:\Windows\system32\Macromed 2019-06-28 22:38 - 2019-04-30 08:38 - 000000000 ____D C:\Users\Jesus\Desktop\Revo Uninstaller Pro 3.1.8 + Crack 2019-06-27 18:21 - 2016-12-16 12:01 - 000000000 ____D C:\ProgramData\panda_url_filtering 2019-06-27 18:21 - 2016-02-14 21:31 - 000000000 ____D C:\ProgramData\Leawo 2019-06-27 18:21 - 2015-12-12 18:46 - 000000000 ____D C:\ProgramData\TuneUp Software 2019-06-27 18:04 - 2017-12-22 19:43 - 000013834 _____ C:\ProgramData\agent.1513964574.bdinstall.bin.nusar 2019-06-27 18:04 - 
2017-12-22 10:59 - 000048815 _____ C:\ProgramData\agent.1513933099.bdinstall.bin.nusar 2019-06-27 17:59 - 2018-01-02 21:20 - 000000000 ____D C:\Log 2019-06-27 17:59 - 2017-01-01 19:25 - 000000000 ____D C:\32788R22FWJFW 2019-06-27 17:59 - 2017-01-01 13:36 - 000000000 ____D C:\Qoobox 2019-06-27 17:59 - 2016-02-09 19:52 - 000000000 ____D C:\ADCDA2 2019-06-27 17:59 - 2016-01-30 12:46 - 000000000 ____D C:\FSTool 2019-06-27 17:59 - 2016-01-16 10:46 - 000000000 ____D C:\swsetup 2019-06-27 17:59 - 2016-01-16 10:34 - 000000000 ____D C:\3DP 2019-06-27 17:59 - 2015-12-13 10:09 - 000000000 ____D C:\5c2442cc8343137fe983b496da 2019-06-27 17:59 - 2014-10-10 17:24 - 000000000 ____D C:\OEMSettings 2019-06-27 17:59 - 2014-10-10 14:28 - 000000000 ____D C:\Users\Jesus\AppData\Local\VirtualStore 2019-06-27 17:59 - 2014-10-10 14:28 - 000000000 ____D C:\Users\Jesus 2019-06-27 17:59 - 1980-01-04 17:49 - 000000000 ____D C:\_PoliFix 2019-06-27 17:59 - 1980-01-04 15:58 - 000000000 ____D C:\_AT-Destroyer 2019-06-27 16:39 - 2017-02-26 15:05 - 000001239 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2019-06-27 16:39 - 2017-02-26 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2019-06-27 15:40 - 2019-04-30 08:51 - 000000000 ____D C:\ProgramData\{2F48096D-308A-BE9B-F22D-1832F2CA4163} 2019-06-27 15:39 - 2019-04-30 08:51 - 000000000 ____D C:\ProgramData\{EBC7031C-3AFB-7A14-8327-97F683C0CEA7} 2019-06-26 21:23 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF 2019-06-26 21:21 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf 2019-06-26 18:48 - 2016-01-31 11:14 - 000000000 ____D C:\Program Files\CCleaner 2019-06-26 17:26 - 2014-10-10 15:31 - 000000000 ____D C:\Users\Jesus\AppData\Local\ElevatedDiagnostics ==================== Files in the root of some directories ================ 2019-04-30 08:52 - 2019-04-30 08:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll 2019-04-30 08:53 - 2019-04-30 08:53 - 001246160 
_____ (Mozilla Foundation) C:\ProgramData\nss3.dll 2018-11-16 09:27 - 2018-11-22 18:16 - 000000099 _____ () C:\Users\Jesus\AppData\Roaming\default.pls 2016-01-16 10:13 - 2016-01-16 10:13 - 000034898 _____ () C:\Users\Jesus\AppData\Roaming\ICSW_1H1T1I1T2X1L1Q1TtJ1V0O1E1P1C1T1V0I0C.txt 2019-07-11 16:36 - 2019-07-11 16:36 - 000000055 _____ () C:\Users\Jesus\AppData\Roaming\mbam.context.scan 2016-01-16 11:18 - 2016-01-16 11:18 - 000000047 _____ () C:\Users\Jesus\AppData\Roaming\WB.CFG 2019-04-30 08:50 - 2019-04-30 08:50 - 000054272 _____ () C:\Users\Jesus\AppData\Local\ApplicationHosting.dat 2019-04-30 08:49 - 2019-04-30 08:49 - 000140800 _____ () C:\Users\Jesus\AppData\Local\installer.dat 2019-04-30 08:50 - 2019-04-30 08:50 - 000126464 _____ () C:\Users\Jesus\AppData\Local\lobby.dat 2016-02-06 20:01 - 2018-11-15 11:20 - 000007648 _____ () C:\Users\Jesus\AppData\Local\Resmon.ResmonCfg 2019-04-30 08:49 - 2019-07-10 16:36 - 000722944 _____ () C:\Users\Jesus\AppData\Local\sha.db ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2018-11-23 13:54 ==================== End of FRST.txt ============================ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG -> Nero AG) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [MSSE] => C:\Program Files\Microsoft Security Essentials\msseces.exe [1093208 2010-06-01] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG -> Nero AG) HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKU\S-1-5-21-1081597828-3468294824-614267853-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcodec2.dll [305000 2017-12-14] (Logitech, Inc. -> Logitech Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] -> C:\Windows\system32\advpack.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ST5UNST Uninstaller.LNK [2019-01-31] ShortcutTarget: ST5UNST Uninstaller.LNK -> C:\Windows\ST5UNST.EXE (Microsoft Corporation) [File not signed] GroupPolicy: Restriction ? <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR HKU\S-1-5-21-1081597828-3468294824-614267853-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {0D9F9892-18B1-4093-B21C-D9F435B89B59} - System32\Tasks\{2DB42293-1F51-41EC-9F8E-99776A7DCB77} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x64.exe -d C:\Users\Jesus\Desktop Task: {17CD6126-66AE-482A-8A72-37E8957141F9} - \{0D0F0947-7F0F-0D09-0411-7F057F09117E} -> No File <==== ATTENTION Task: {29D3979F-0E19-44D0-A052-C2BD2B691266} - System32\Tasks\{87A46C48-B1F8-47EA-AA3C-6A3AAE8140D0} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x86.exe -d C:\Users\Jesus\Desktop Task: {400DA2B2-5D5D-44C5-AF8A-A8E706671273} - System32\Tasks\{494DB375-A215-4FB2-83C0-CF96388B8615} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Downloads\covermania.exe -d C:\Users\Jesus\Downloads Task: {4166E8E5-9828-4C03-AAAA-5F8042511660} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {4EA38C87-2444-425E-B204-41906463FEC0} - System32\Tasks\{AAABCBF9-8CDD-41CC-8455-FA3CA8EB4656} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\Desktop\vcredist_x86.exe -d C:\Users\Jesus\Desktop Task: {572630E7-55A5-4B22-8E94-4810612ADD35} - System32\Tasks\{10CA7B48-7836-49E8-9091-105D97BF26E8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Jesus\Desktop\Disco duro HP Barcelona\descar programas\covermania.exe" -d "C:\Users\Jesus\Desktop\Disco duro HP Barcelona\descar programas" Task: {6E877B5C-7D70-4504-9407-486E7C90ECBF} - System32\Tasks\{BADEFD76-A40E-4940-B0DC-8A24058A3AA1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro" Task: {731CCB58-546D-46F4-83F4-02A9EC897451} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: 
{7A5188BA-C71C-4B0A-A2E3-28D6A7104730} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation) Task: {9989F82F-F111-41FD-9EA1-42AC818A93A3} - System32\Tasks\{3C197E48-B381-4E29-8EB0-214D56994696} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\AppData\Local\Temp\jre-8u211-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {AAC507DB-49FF-4B4E-ACBB-0073EF9927AF} - System32\Tasks\{C8E5A939-72EE-4066-AC8A-AC33C72D40F1} => C:\Windows\system32\pcalua.exe -a C:\Users\Jesus\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {B025D82E-5872-44F5-9D9A-E86193A9FB8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {B2EFB78B-75C2-4964-8A92-C9042F8AD28C} - System32\Tasks\{5DE9A448-1CDC-401A-9A38-9E949F087244} => C:\Windows\system32\pcalua.exe -a "H:\Nueva carpeta\Nueva carpeta\disco del compaq presario 6 del 2014\documentos yprog\Programas\covermania.exe" Task: {B4E27ACD-11DB-45F2-8C2C-EB1AE5176240} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {D8F22DF8-23B6-41FB-9CF0-A54F350AD6D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. 
-> Adobe) Task: {E1037EB5-7FD6-4D0D-A1BF-2320E9145CA9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {F0746E05-9613-4473-B790-5BD52A5A0316} - System32\Tasks\{165116D1-8B58-4DDC-A568-43C3D1F08CE1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{01155619-D5B4-455B-86F3-80F74E8481EB}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{05436967-3380-4719-BFC3-133402B5FBAC}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{05436967-3380-4719-BFC3-133402B5FBAC}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{1924F672-085B-441A-91F7-033E2479FF1B}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{1924F672-085B-441A-91F7-033E2479FF1B}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://es.yahoo.com/?fr=fp-yie11 HKU\S-1-5-21-1081597828-3468294824-614267853-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp HKU\S-1-5-21-1081597828-3468294824-614267853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.yahoo.com/?fr=fp-yie11 BHO: Groove GFS Browser Helper -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation)
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default [2019-06-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Leawo_service; C:\Program Files\Common Files\Appkeys\yytool.exe [942576 2015-08-11] (Shenzhen Moyea Software -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WPSService20; C:\Program Files\ASUS USB-N13 Wireless LAN Driver\WPSService20.exe [96768 2014-05-06] () [File not signed]
S2 bpwhajf; C:\Windows\system32\bpwhajf\siohiqgp.exe /d"C:\Users\Jesus\copjeaby.exe"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [415000 2015-07-03] (Broadcom Corporation -> Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-12-19] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-16] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-07-11] (Malwarebytes Corporation -> Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security S.L -> Panda Security, S.L.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (Microsoft Windows Hardware Compatibility Publisher -> NETGEAR Inc. )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3238616 2015-10-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 smwdm; C:\Windows\System32\drivers\smwdm.sys [220992 2005-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-11 18:48 - 2019-07-11 18:54 - 000022335 _____ C:\Users\Jesus\Desktop\Addition.txt
2019-07-11 18:44 - 2019-07-11 18:56 - 000035465 _____ C:\Users\Jesus\Desktop\FRST.txt
2019-07-11 18:44 - 2019-07-11 18:54 - 000000000 ____D C:\FRST
2019-07-11 18:41 - 2019-07-11 18:44 - 000000554 _____ C:\Users\Jesus\Desktop\JRT.txt
2019-07-11 18:38 - 2019-07-11 18:38 - 000002620 _____ C:\Users\Jesus\Desktop\AdwCleaner[C00].txt
2019-07-11 18:37 - 2019-07-11 18:37 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-11 18:31 - 2019-07-11 18:31 - 000000000 ____D C:\Users\Jesus\AppData\Local\mbam
2019-07-11 18:30 - 2019-07-11 18:30 - 000001957 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-11 18:30 - 2019-07-11 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-11 18:29 - 2019-07-11 18:29 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-11 18:29 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-07-11 18:26 - 2019-07-11 18:26 - 001446912 _____ (Farbar) C:\Users\Jesus\Desktop\FRST.exe
2019-07-11 18:22 - 2019-07-11 18:22 - 001790024 _____ (Malwarebytes) C:\Users\Jesus\Desktop\JRT.exe
2019-07-11 18:21 - 2019-07-11 18:21 - 007025360 _____ (Malwarebytes) C:\Users\Jesus\Desktop\adwcleaner_7.3.exe
2019-07-11 18:20 - 2019-07-11 18:20 - 064522520 _____ (Malwarebytes ) C:\Users\Jesus\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11482.exe
2019-07-11 16:38 - 2019-07-11 16:42 - 000000000 ____D C:\Program Files\Microsoft Security Essentials
2019-07-11 16:36 - 2019-07-11 16:36 - 000000055 _____ C:\Users\Jesus\AppData\Roaming\mbam.context.scan
2019-07-11 16:35 - 2019-07-11 16:47 - 000000000 ____D C:\Users\Jesus\Desktop\nuevo Malwarebytes
2019-06-28 19:41 - 2013-04-29 08:17 - 000047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2019-06-27 18:00 - 2019-06-27 18:00 - 000001146 _____ C:\Users\Public\Documents\_readme.txt
2019-06-27 18:00 - 2019-06-27 18:00 - 000001146 _____ C:\ProgramData\_readme.txt
2019-06-27 17:59 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Local\f69c7d41-8f50-489b-b568-9de6f7fac37f
2019-06-27 17:59 - 2019-06-27 17:59 - 000001146 _____ C:\Users\Jesus\_readme.txt
2019-06-27 17:59 - 2019-06-27 17:59 - 000000000 ____D C:\SystemID
2019-06-27 17:38 - 2019-07-11 18:35 - 000000000 ____D C:\AdwCleaner
2019-06-27 16:54 - 2019-06-28 22:41 - 007648856 _____ C:\Windows\ntbtlog.txt
2019-06-27 16:52 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Roaming\Intel Rapid
2019-06-27 16:51 - 2019-06-27 16:51 - 000000000 ____D C:\Windows\system32\bpwhajf
2019-06-27 16:50 - 2019-07-11 15:43 - 000000000 ____D C:\ProgramData\cf4620d67a
2019-06-27 16:50 - 2019-06-27 16:51 - 000000000 _____ C:\ProgramData\0
2019-06-27 16:50 - 2019-06-27 16:50 - 000000000 ____D C:\Program Files (x86)
2019-06-27 16:44 - 2019-06-28 19:48 - 000000000 ____D C:\Users\Jesus\AppData\Local\App
2019-06-27 15:38 - 2019-06-27 15:38 - 000000000 ____D C:\ProgramData\{535BC512-FCF5-C288-8DE1-0B4E8D06521F}
2019-06-27 15:38 - 2019-06-27 15:38 - 000000000 ____D C:\ProgramData\{154D6452-5DB5-849E-CD40-1D08CDA74459}
2019-06-27 15:37 - 2019-06-27 15:37 - 000000000 ____D C:\ProgramData\{456B9E1A-A7FD-D4B8-85BA-3B58855D6209}

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-11 18:53 - 2014-10-10 20:34 - 000689028 _____ C:\Windows\system32\perfh007.dat
2019-07-11 18:53 - 2014-10-10 20:34 - 000149000 _____ C:\Windows\system32\perfc007.dat
2019-07-11 18:53 - 2014-10-10 14:31 - 002515748 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-11 18:53 - 2009-07-14 10:48 - 000747622 _____ C:\Windows\system32\perfh00A.dat
2019-07-11 18:53 - 2009-07-14 10:48 - 000159094 _____ C:\Windows\system32\perfc00A.dat
2019-07-11 18:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-07-11 18:44 - 2009-07-14 06:34 - 000014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-11 18:44 - 2009-07-14 06:34 - 000014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-11 18:36 - 2014-10-11 09:08 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2019-07-11 18:36 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-11 18:29 - 2015-12-12 11:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-11 16:38 - 2014-10-11 20:20 - 000001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2019-07-11 15:46 - 2014-10-10 14:31 - 000001051 _____ C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-07-10 16:37 - 2014-10-10 17:43 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-07-10 16:37 - 2014-10-10 17:43 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-07-10 16:36 - 2019-04-30 08:49 - 000722944 _____ C:\Users\Jesus\AppData\Local\sha.db
2019-07-10 16:35 - 2019-02-23 10:46 - 000001033 _____ C:\Users\Jesus\Desktop\Internet Explorer.lnk
2019-07-10 16:35 - 2014-10-10 17:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-28 22:38 - 2019-04-30 08:38 - 000000000 ____D C:\Users\Jesus\Desktop\Revo Uninstaller Pro 3.1.8 + Crack
2019-06-27 18:21 - 2016-12-16 12:01 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-06-27 18:21 - 2016-02-14 21:31 - 000000000 ____D C:\ProgramData\Leawo
2019-06-27 18:21 - 2015-12-12 18:46 - 000000000 ____D C:\ProgramData\TuneUp Software
2019-06-27 18:04 - 2017-12-22 19:43 - 000013834 _____ C:\ProgramData\agent.1513964574.bdinstall.bin.nusar
2019-06-27 18:04 - 2017-12-22 10:59 - 000048815 _____ C:\ProgramData\agent.1513933099.bdinstall.bin.nusar
2019-06-27 17:59 - 2018-01-02 21:20 - 000000000 ____D C:\Log
2019-06-27 17:59 - 2017-01-01 19:25 - 000000000 ____D C:\32788R22FWJFW
2019-06-27 17:59 - 2017-01-01 13:36 - 000000000 ____D C:\Qoobox
2019-06-27 17:59 - 2016-02-09 19:52 - 000000000 ____D C:\ADCDA2
2019-06-27 17:59 - 2016-01-30 12:46 - 000000000 ____D C:\FSTool
2019-06-27 17:59 - 2016-01-16 10:46 - 000000000 ____D C:\swsetup
2019-06-27 17:59 - 2016-01-16 10:34 - 000000000 ____D C:\3DP
2019-06-27 17:59 - 2015-12-13 10:09 - 000000000 ____D C:\5c2442cc8343137fe983b496da
2019-06-27 17:59 - 2014-10-10 17:24 - 000000000 ____D C:\OEMSettings
2019-06-27 17:59 - 2014-10-10 14:28 - 000000000 ____D C:\Users\Jesus\AppData\Local\VirtualStore
2019-06-27 17:59 - 2014-10-10 14:28 - 000000000 ____D C:\Users\Jesus
2019-06-27 17:59 - 1980-01-04 17:49 - 000000000 ____D C:\_PoliFix
2019-06-27 17:59 - 1980-01-04 15:58 - 000000000 ____D C:\_AT-Destroyer
2019-06-27 16:39 - 2017-02-26 15:05 - 000001239 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2019-06-27 16:39 - 2017-02-26 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2019-06-27 15:40 - 2019-04-30 08:51 - 000000000 ____D C:\ProgramData\{2F48096D-308A-BE9B-F22D-1832F2CA4163}
2019-06-27 15:39 - 2019-04-30 08:51 - 000000000 ____D C:\ProgramData\{EBC7031C-3AFB-7A14-8327-97F683C0CEA7}
2019-06-26 21:23 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2019-06-26 18:48 - 2016-01-31 11:14 - 000000000 ____D C:\Program Files\CCleaner
2019-06-26 17:26 - 2014-10-10 15:31 - 000000000 ____D C:\Users\Jesus\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ================

2019-04-30 08:52 - 2019-04-30 08:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-04-30 08:53 - 2019-04-30 08:53 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-11-16 09:27 - 2018-11-22 18:16 - 000000099 _____ () C:\Users\Jesus\AppData\Roaming\default.pls
2016-01-16 10:13 - 2016-01-16 10:13 - 000034898 _____ () C:\Users\Jesus\AppData\Roaming\ICSW_1H1T1I1T2X1L1Q1TtJ1V0O1E1P1C1T1V0I0C.txt
2019-07-11 16:36 - 2019-07-11 16:36 - 000000055 _____ () C:\Users\Jesus\AppData\Roaming\mbam.context.scan
2016-01-16 11:18 - 2016-01-16 11:18 - 000000047 _____ () C:\Users\Jesus\AppData\Roaming\WB.CFG
2019-04-30 08:50 - 2019-04-30 08:50 - 000054272 _____ () C:\Users\Jesus\AppData\Local\ApplicationHosting.dat
2019-04-30 08:49 - 2019-04-30 08:49 - 000140800 _____ () C:\Users\Jesus\AppData\Local\installer.dat
2019-04-30 08:50 - 2019-04-30 08:50 - 000126464 _____ () C:\Users\Jesus\AppData\Local\lobby.dat
2016-02-06 20:01 - 2018-11-15 11:20 - 000007648 _____ () C:\Users\Jesus\AppData\Local\Resmon.ResmonCfg
2019-04-30 08:49 - 2019-07-10 16:36 - 000722944 _____ () C:\Users\Jesus\AppData\Local\sha.db

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2018-11-23 13:54

==================== End of FRST.txt ============================