Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 (ATTENTION: ====> FRST version is 995 days old and could be outdated)
Ran by USER (administrator) on TS-410-011 (12-08-2019 09:47:18)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 8.1 Pro (Update) (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRCE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2019-07-03] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3656506250-1004275624-1601521956-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRCE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7D99F22-F7B8-4F77-B8B4-4ABB3956D760}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.uy
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.uy
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-3656506250-1004275624-1601521956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.uy
HKU\S-1-5-21-3656506250-1004275624-1601521956-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2019-07-03] (Qihu 360 Software Co., Ltd.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2019-07-03] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)

FireFox:
========
FF DefaultProfile: 2202i9l3.default-1530624877979
FF ProfilePath: Profiles/2202i9l3.default-1530624877979 [not found]
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2202i9l3.default-1530624877979 [2019-08-11]
FF Homepage: Mozilla\Firefox\Profiles\2202i9l3.default-1530624877979 -> hxxp://www.google.com.uy
FF Extension: (ETP Search Volume Study) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2202i9l3.default-1530624877979\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-07-25]
FF Extension: (360 Internet Protection) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2202i9l3.default-1530624877979\Extensions\InternetProtection@360safe.com.xpi [2019-08-11]
FF Extension: (uBlock Origin) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2202i9l3.default-1530624877979\Extensions\uBlock0@raymondhill.net.xpi [2019-08-11]
FF Extension: (Firefox Monitor) - C:\Program Files\Mozilla Firefox\browser\features\fxmonitor@mozilla.org.xpi [2019-07-17] [not signed]
FF Extension: (Firefox Screenshots) - C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi [2019-07-17] [not signed]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2019-07-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-09-11] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com.uy/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2019-08-11]
CHR Extension: (Presentaciones) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-24]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Hojas de cálculo) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Uberwords) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgoolbpigpolpnmgcppgjiohgkehcfod [2018-06-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [681400 2018-11-21] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2016-01-13] (Seiko Epson Corporation)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe [1096176 2019-08-05] (Google LLC)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [960576 2019-07-03] (Qihoo 360 Technology Co. Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [190384 2019-07-03] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [86248 2019-07-03] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2019-07-03] (360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [335280 2019-07-03] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [49088 2019-07-03] (360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [454208 2019-07-03] (360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2019-07-03] (360.cn)
S3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [217520 2019-07-03] (360.cn)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-21] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2019-08-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2019-08-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2019-08-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2019-08-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2019-08-12] (Malwarebytes)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44024 2015-04-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [264000 2015-04-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-12 09:47 - 2019-08-12 09:48 - 00012576 _____ C:\Users\USER\Desktop\FRST.txt
2019-08-12 09:44 - 2019-08-12 09:47 - 00000000 ____D C:\FRST
2019-08-12 09:43 - 2016-11-20 10:40 - 03910208 _____ C:\Users\USER\Desktop\adwcleaner_6.030.exe
2019-08-12 09:42 - 2019-08-12 09:45 - 00000000 ____D C:\Users\USER\Desktop\ParaSaberQueEs
2019-08-12 09:42 - 2016-11-20 11:01 - 02413056 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2019-08-11 14:16 - 2019-08-12 09:47 - 00094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-11 14:16 - 2019-08-11 14:16 - 00253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-08-11 14:16 - 2019-08-11 14:16 - 00192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2019-08-11 14:16 - 2019-08-11 14:16 - 00101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-11 14:16 - 2019-08-11 14:16 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-11 14:16 - 2019-08-11 14:16 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-11 14:16 - 2019-08-11 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-11 14:16 - 2017-08-21 07:20 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-11 14:15 - 2019-08-11 14:15 - 00000000 ____D C:\ProgramData\MB2Migration
2019-08-11 14:15 - 2019-08-11 14:15 - 00000000 ____D C:\Program Files\Malwarebytes
2019-08-11 14:11 - 2019-08-11 14:11 - 00000000 __SHD C:\Users\USER\AppData\Roaming\360Quarant
2019-08-11 14:04 - 2019-08-11 14:04 - 00000000 __SHD C:\$360Section
2019-08-11 14:00 - 2019-08-11 14:00 - 00000000 ____D C:\ProgramData\360sd
2019-08-11 13:56 - 2019-08-11 14:04 - 00000000 ____D C:\ProgramData\360Quarant
2019-08-11 13:54 - 2019-08-11 14:05 - 00000000 ____D C:\Users\USER\AppData\LocalLow\360WD
2019-08-11 13:54 - 2019-08-11 13:56 - 00000000 ____D C:\Users\USER\AppData\Roaming\360safe
2019-08-11 13:54 - 2019-08-11 13:54 - 00000000 ____D C:\ProgramData\360TotalSecurity
2019-08-11 13:54 - 2019-07-03 01:24 - 00086248 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2019-08-11 13:53 - 2019-08-11 13:53 - 00001176 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2019-08-11 13:53 - 2019-08-11 13:53 - 00000000 _RSHD C:\360SANDBOX
2019-08-11 13:53 - 2019-08-11 13:53 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2019-08-11 13:53 - 2019-08-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2019-08-11 13:53 - 2019-08-11 13:53 - 00000000 ____D C:\ProgramData\360safe
2019-08-11 13:53 - 2019-07-03 01:24 - 00454208 _____ (360.cn) C:\WINDOWS\system32\Drivers\360fsflt.sys
2019-08-11 13:53 - 2019-07-03 01:24 - 00335280 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2019-08-11 13:53 - 2019-07-03 01:24 - 00217520 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2019-08-11 13:53 - 2019-07-03 01:24 - 00190384 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2019-08-11 13:53 - 2019-07-03 01:24 - 00096424 _____ (360.cn) C:\WINDOWS\system32\Drivers\360netmon.sys
2019-08-11 13:53 - 2019-07-03 01:24 - 00086248 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2019-08-11 13:53 - 2019-07-03 01:24 - 00049088 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2019-08-11 13:51 - 2019-08-11 13:51 - 00000000 ____D C:\Program Files (x86)\360
2019-08-11 13:42 - 2019-08-11 13:42 - 00000000 ____D C:\Users\USER\AppData\Roaming\Baidu
2019-08-09 20:19 - 2019-08-09 20:19 - 00028979 _____ C:\Users\USER\Downloads\2° Pago Brou- Tarjeta.pdf
2019-08-06 19:17 - 2019-08-06 19:13 - 00044032 _____ C:\Users\USER\Downloads\C00551-201907-$-190806-092707.xls
2019-08-06 14:46 - 2019-08-06 14:46 - 00294657 _____ C:\Users\USER\Desktop\Seguro- Certificado.pdf
2019-08-06 14:44 - 2019-08-06 14:44 - 00223139 _____ C:\Users\USER\Desktop\Seguro- Pago.pdf
2019-08-06 11:57 - 2019-08-06 11:57 - 00000000 ____D C:\Users\USER\AppData\Local\TeamViewer
2019-08-06 11:55 - 2019-08-06 11:55 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-08-06 11:55 - 2019-08-06 11:55 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-08-05 19:56 - 2019-08-05 19:56 - 00032001 _____ C:\Users\USER\Downloads\Certificado Correa (2).pdf
2019-08-05 10:43 - 2019-08-05 10:43 - 00015454 _____ C:\Users\USER\Downloads\Estado de Cuenta FUCAC.pdf
2019-07-29 21:05 - 2019-07-29 21:05 - 00028996 _____ C:\Users\USER\Downloads\comprobantePagoDeServicio (31).pdf
2019-07-26 16:28 - 2019-07-26 16:28 - 00110094 _____ C:\Users\USER\Downloads\Sal-9661.pdf
2019-07-26 16:26 - 2019-07-26 16:26 - 00110756 _____ C:\Users\USER\Downloads\Sal-9147.pdf
2019-07-26 13:24 - 2019-07-26 13:24 - 00002208 _____ C:\Users\USER\Desktop\Google Chrome (2).lnk
2019-07-26 13:24 - 2019-07-26 13:24 - 00001701 _____ C:\Users\USER\Desktop\Formulario1302_02.lnk
2019-07-25 15:56 - 2019-07-25 15:56 - 00065599 _____ C:\Users\USER\Downloads\Solicitud de seguro - Escritura.pdf
2019-07-25 15:00 - 2019-07-25 15:00 - 00028908 _____ C:\Users\USER\Downloads\Transferencua U$S.pdf
2019-07-25 14:34 - 2019-08-08 14:50 - 00000000 ____D C:\Users\USER\Desktop\Alex- Agosto
2019-07-25 13:56 - 2019-07-25 13:56 - 00000000 ____D C:\Program Files\AVAST Software
2019-07-25 13:55 - 2019-07-25 13:56 - 00000000 ____D C:\ProgramData\AVAST Software
2019-07-25 13:55 - 2019-07-25 13:55 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-25 13:51 - 2019-07-25 13:51 - 00508178 _____ C:\Users\USER\Downloads\Ose-Mahoma.pdf
2019-07-25 13:46 - 2019-07-25 13:47 - 00000943 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-07-25 13:46 - 2019-07-25 13:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2019-07-25 13:46 - 2019-07-25 13:46 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-25 13:46 - 2019-07-25 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-25 13:45 - 2019-07-25 13:45 - 00285496 _____ (Mozilla) C:\Users\USER\Downloads\Firefox Installer (1).exe
2019-07-20 13:28 - 2019-07-20 13:28 - 01968943 _____ C:\Users\USER\Downloads\Crochet.html
2019-07-20 13:28 - 2019-07-20 13:28 - 00000000 ____D C:\Users\USER\Downloads\Crochet_files
2019-07-20 13:26 - 2019-07-20 13:26 - 00188152 _____ C:\Users\USER\Downloads\Sandalias.html
2019-07-20 13:26 - 2019-07-20 13:26 - 00000000 ____D C:\Users\USER\Downloads\Sandalias_files
2019-07-20 13:24 - 2019-07-20 13:25 - 00236532 _____ C:\Users\USER\Downloads\Pompones.htm
2019-07-20 13:23 - 2019-07-20 13:23 - 00000000 ____D C:\Users\USER\Downloads\Zapatillas_files
2019-07-20 13:22 - 2019-07-20 13:23 - 01876179 _____ C:\Users\USER\Downloads\Zapatillas.html
2019-07-20 13:21 - 2019-07-20 13:21 - 00384687 _____ C:\Users\USER\Downloads\Pantuflas.htm
2019-07-20 13:05 - 2019-07-20 13:05 - 00092218 _____ C:\Users\USER\Downloads\Correa- Trabajo- 8.pdf
2019-07-20 12:14 - 2019-07-20 12:14 - 00029163 _____ C:\Users\USER\Downloads\Transferencia dólares.pdf
2019-07-20 12:14 - 2019-07-20 12:14 - 00029163 _____ C:\Users\USER\Downloads\comprobanteTransaccion (6).pdf
2019-07-20 12:12 - 2019-07-20 12:12 - 00028863 _____ C:\Users\USER\Downloads\comprobanteTransferencia (47).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-12 09:43 - 2015-05-27 10:20 - 00807752 _____ C:\WINDOWS\system32\perfh00A.dat
2019-08-12 09:43 - 2015-05-27 10:20 - 00166140 _____ C:\WINDOWS\system32\perfc00A.dat
2019-08-12 09:43 - 2014-11-21 05:43 - 01829802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-12 09:43 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Inf
2019-08-11 18:01 - 2019-06-13 21:18 - 00000000 ____D C:\Users\USER\Desktop\Alex- Resumen
2019-08-11 17:40 - 2019-01-09 13:40 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-240 Series Update {08AC8E61-9891-4DA5-A363-EBBA11FCD8D5}.job
2019-08-11 16:39 - 2018-07-03 10:34 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2019-08-11 14:34 - 2015-03-25 16:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3656506250-1004275624-1601521956-1001
2019-08-11 14:15 - 2017-10-28 09:48 - 00004128 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-11 14:15 - 2016-11-28 08:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-08-11 14:15 - 2016-11-19 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2019-08-11 14:07 - 2016-11-24 12:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-11 14:06 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-11 13:46 - 2016-07-20 12:15 - 00000000 ____D C:\ProgramData\Baidu Security
2019-08-09 11:01 - 2016-07-20 12:06 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-07 08:53 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2019-08-06 19:49 - 2016-11-27 12:08 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-06 19:13 - 2016-07-21 17:17 - 00121176 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2019-08-06 14:16 - 2016-07-21 09:58 - 00000000 ____D C:\ProgramData\HP
2019-08-06 14:16 - 2016-07-21 09:58 - 00000000 ____D C:\Program Files (x86)\HP
2019-08-06 14:15 - 2018-03-24 09:45 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2019-08-06 12:10 - 2013-08-22 11:44 - 00479480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-02 12:52 - 2016-10-03 11:11 - 00000000 ____D C:\Users\USER\Desktop\Requetebien
2019-08-02 11:34 - 2017-10-24 17:11 - 00000044 _____ C:\WINDOWS\XP-240.ini
2019-08-02 11:17 - 2017-10-24 16:27 - 00000164 _____ C:\Users\Public\Desktop\Manual Epson XP-241.url
2019-08-02 11:17 - 2017-10-24 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-08-02 11:17 - 2017-10-24 16:17 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2019-08-02 11:17 - 2017-10-24 16:14 - 00000000 ____D C:\ProgramData\EPSON
2019-08-01 13:00 - 2018-03-20 22:23 - 00000000 ____D C:\Users\USER\Desktop\DGI
2019-07-25 14:10 - 2015-03-25 15:55 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
2019-07-25 13:55 - 2016-11-21 21:00 - 00000000 ____D C:\Program Files\CCleaner
2019-07-20 09:44 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2016-07-21 09:57 - 2016-07-21 09:57 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-08-07 08:05

==================== End of FRST.txt ============================