Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019 Ran by Guillermo (administrator) on GUILLERMO-PC (Hewlett-Packard TouchSmart 600) (04-07-2019 19:07:12) Running from C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q516PX71 Loaded Profiles: Guillermo & UpdatusUser (Available Profiles: Guillermo & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe) C:\Windows\System32\Macromed\Flash\FlashUtil64_32_0_0_207_ActiveX.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Auslogics Labs Pty Ltd -> A˜uslogics) C:\Program Files (x86)\Auslogics\Duplicate File Finder\DuplicateFileFinder.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (hxxp://www.emule-project.net) [File not signed] C:\Program Files (x86)\eMule\emule.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (WinZip Computing LLC -> Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (WinZip Computing LLC -> Nico Mak Computing) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc. -> Apple Inc.) 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] (Wondershare software CO., LIMITED -> ) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5580608 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. 
-> AimerSoft) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-3766905851-4103078425-132140337-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46956856 2019-06-25] (Google LLC -> ) HKU\S-1-5-21-3766905851-4103078425-132140337-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1023664 2016-11-16] (Samsung Electronics CO., LTD. -> Samsung) HKU\S-1-5-21-3766905851-4103078425-132140337-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd) HKU\S-1-5-21-3766905851-4103078425-132140337-1000\...\Run: [Spotify] => C:\Users\Guillermo\AppData\Roaming\Spotify\Spotify.exe [25817832 2019-05-20] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3766905851-4103078425-132140337-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-3766905851-4103078425-132140337-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-25] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.) 
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-04-20] ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para Android(Spanish ES)\Addins\AndroidBackupRestore\BackupRemind.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-17] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (No File) Startup: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk [2017-04-23] ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - .lnk [2016-01-17] ShortcutAndArgument: Supervisar alertas de tinta - .lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN54N340PP060F;CONNECTION=USB;MONITOR=1; Startup: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP ENVY 4500 series.lnk [2019-07-04] ShortcutAndArgument: Supervisar alertas de tinta - HP ENVY 4500 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN54N340PP060F;CONNECTION=USB;MONITOR=1; FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04752E02-5841-4355-886E-37B9B935187A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.) Task: {076C5331-A9E9-4108-A136-2F5AE6A17495} - System32\Tasks\{94677C7C-34AD-4EAE-85D1-E43268D3BF46} => C:\Windows\system32\pcalua.exe -a "C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z0PRL6Y\flash-disinfector-.exe" -d C:\Users\Guillermo\Desktop Task: {09B27906-2096-4759-8EC6-F50F1AAA1DC5} - System32\Tasks\{109820E8-5B1F-4044-ACB9-1BCE53D33471} => C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe Task: {0AD79B1B-D270-4F23-9014-4287EC56A68F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SW6G9R7W\esetonlinescanner_enu.exe Task: {0E6A0E5D-1ACD-4AF4-A52D-584EFC55CFAE} - System32\Tasks\{F89EA053-6896-4AE9-9661-03E89D7424F3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\DriverUpdate\UninstallStub.exe" -c --log {84a89263-aa96-41d0-8345-77a704a76b4c} Task: {1057FC2D-B141-47A7-AA0D-5EC36370154E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-25] (Adobe Inc. 
-> Adobe) Task: {12E7F305-2AA6-4C25-96DF-B8702FAE73DA} - System32\Tasks\SafeZone scheduled Autoupdate 1449268735 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {1CC92861-DCEE-4FFE-A6EE-C37AA684A69D} - System32\Tasks\{E3EE25B0-A82D-4ED6-8C5C-43BED6B4EFAA} => C:\Users\Guillermo\Downloads\Flash_Disinfector (1).exe Task: {2202E64F-B18F-4B98-8923-AA0E3EF49367} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.) Task: {2454A53C-740E-49E9-AB4D-70511181899B} - System32\Tasks\Auslogics\Duplicate File Finder\Start Duplicate File Finder оn Guillermo logon => C:\Program Files (x86)\Auslogics\Duplicate File Finder\DuplicateFileFinder.exe [2097736 2019-03-25] (Auslogics Labs Pty Ltd -> A˜uslogics) Task: {35EA4F01-1C59-4431-9C09-614185EA7EFA} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {3C0E5986-4E8A-4441-923B-73965F2BBBC2} - System32\Tasks\{387A284F-3D0D-4F27-B2C9-9A7F8DC36290} => C:\Users\Guillermo\Downloads\OneDriveSetup.exe Task: {3C37689C-0851-4F77-8C80-30F489238A20} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39664 2018-07-19] (Microsoft Corporation -> Microsoft) Task: {40B22F1E-930A-4816-BC60-5E667D2E60DD} - System32\Tasks\HP AR Program Upload - dda7ed2bad0040419454f4bfc83e0b587c6b53faf9cc474c87c1b433acea301b => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {4729EB33-C936-4CB4-817C-0126FBE909A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {4D3F119F-B733-495F-84BF-E14FCD4F447E} - System32\Tasks\DropboxUpdateTaskMachineUA 
=> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {50968BEC-8369-4475-B1FE-D35B8525041C} - System32\Tasks\{E43E143A-DB27-42A9-B77A-39F5DDD52C79} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Photodex Presenter\uninst.exe" Task: {680474B1-E5C1-4EAB-AD41-3765E60EDB08} - System32\Tasks\{69098C8F-77EE-4FA8-B3A2-05A59DA75543} => C:\Windows\system32\pcalua.exe -a "C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NE9ZZET\FFInstOnline.exe" -d C:\Users\Guillermo\Desktop Task: {703F94AE-E757-416E-A95B-36E0EA2D3BC1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-25] (Adobe Inc. -> Adobe) Task: {77A7BEE2-BCEC-41A4-A2E2-9DFF4E2A4D10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1919760 2018-07-19] (Microsoft Corporation -> Microsoft Corporation) Task: {7AD2F12F-12FA-4A46-9F69-C0267A65731F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2558224 2018-07-19] (Microsoft Corporation -> Microsoft Corporation) Task: {8527202D-A205-4C3B-8ED7-6D653805556D} - System32\Tasks\HP AR Program Upload - b0a33a17d16642c7aa8e6fc10b7d545df5057a3ada97468f8bd78c63f6bca636 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {953854AA-13CF-4FE9-A266-DA79B72F3049} - System32\Tasks\{95B5EF61-4EF3-463E-AE70-19A4BF3AA9EA} => C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe Task: {9AE0F5B2-293C-4C97-B186-51C831E2C4C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd) Task: {9FCEC62F-A8DE-40CC-9656-495A1BD6FD86} - System32\Tasks\HP AR Program Upload - 
c3c95f9a4f024d0495fcb1e57ed0c40ef51942c3771e47b1a0af5e636154bf1e => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {A0047B08-9A1C-4C6C-AF92-D1FFF09CA129} - System32\Tasks\HP AR Program Upload - 738c1ce7cae5451997c3d0186e58853f8d0bf7b740374d93a6e668d151476d1d => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {A41D80C8-0DC1-4544-A884-A6DA199B8EFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1992936 2018-07-19] (Microsoft Corporation -> Microsoft) Task: {ACEE6890-6B3E-452C-A93E-381162A83CBE} - System32\Tasks\HP AR Program Upload - b24140de937f4023a9d389f4091cee36185b4fd63bf444e89088bfffd8168b68 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {B4CC5698-8265-4618-9317-8809B455188B} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation) Task: {B6C6B812-9BF6-437C-985C-5FA1D84B2EAF} - System32\Tasks\HP AR Program Upload - d7c11523cb044e3d806442c0e0e61df9b6cee5036dfa4240854f6ded94c55b26 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: ) Task: {BB4E75AF-5E72-4ED5-984A-EF14C16D02F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.) 
Task: {BC262F47-2965-4CEA-8908-48BCB38D9140} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd) Task: {BC743986-92C8-4EFC-A0EF-EAB41E7A8D86} - System32\Tasks\{F931AED5-1C38-47EB-8B84-075DDCA59E5A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" Task: {BD389198-231B-438E-ABEC-7CEE202F7B38} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SW6G9R7W\esetonlinescanner_enu.exe Task: {E1AA63F7-369E-46C2-9630-B9B007191CBC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {E6044D87-5E45-4F80-8313-190473125A7D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1919760 2018-07-19] (Microsoft Corporation -> Microsoft Corporation) Task: {E7D42EB8-C943-4A3D-B151-20294728EB98} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2558224 2018-07-19] (Microsoft Corporation -> Microsoft Corporation) Task: {E849E77D-594C-4017-97EF-E8B71359629E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {ECE4AE08-CB50-427B-9ED3-FEB4EA4A8CC1} - System32\Tasks\{BC1058A1-2A8A-47B6-8094-AD255E4FB8C1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Guillermo\Downloads\Flash_Disinfector (1).exe" -d C:\Users\Guillermo\Desktop Task: {F10856FF-E78C-43C2-93F1-D64C82F8AD1A} - System32\Tasks\{85113CBA-0B55-4D32-A74F-4D8055A065CB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Guillermo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\008U2UV4\Flash_Disinfector.exe" -d C:\Users\Guillermo\Desktop Task: {F6203757-325D-49AC-AFF5-6A2E39E0F548} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {F623015B-F51F-4E2A-8B63-9CF7B3C96C47} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Guillermo\AppData\Roaming\HP Photo Creations\Communicator.exe [186368 2011-10-21] (Visan Industries -> ) Task: {FA075B51-C1AF-4542-811B-CC09262D23B8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {FD424264-09AC-4566-9CAB-2668910A8D3D} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Guillermo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Guillermo\AppData\Roaming\HP Photo Creations\Communicator.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3762D9F0-89D6-47C7-87EC-CA02A809D0DB}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B1B4DA6C-5D5A-4FC4-95A4-13D7EB1B642F}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{D0C9297C-9496-4F0D-98B9-363ABF2F7EBD}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F189B969-30AA-4983-8141-8B4824A458EE}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3766905851-4103078425-132140337-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc -> Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare software CO., LIMITED -> Wondershare) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.) 
Toolbar: HKU\S-1-5-21-3766905851-4103078425-132140337-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc -> Google Inc.) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {B178DBD1-25DF-4187-9BE0-05D123B91B98} hxxps://servicios4.jcyl.es/websigner/cab/WebSigner2.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation) Handler: WSKVAllmytubechrome - No CLSID Value Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File FireFox: ======== FF ProfilePath: C:\Users\Guillermo\AppData\Roaming\Mozilla\Firefox\Profiles\51yf51w6.default [2019-07-04] FF NewTab: Mozilla\Firefox\Profiles\51yf51w6.default -> about:newtab FF Extension: (Avast SafePrice) - C:\Users\Guillermo\AppData\Roaming\Mozilla\Firefox\Profiles\51yf51w6.default\Extensions\sp@avast.com.xpi [2019-01-09] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json] FF Extension: (Avast Online Security) - C:\Users\Guillermo\AppData\Roaming\Mozilla\Firefox\Profiles\51yf51w6.default\Extensions\wrc@avast.com.xpi [2019-01-09] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi FF Extension: (Wondershare Video Converter Ultimate) - 
C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-08-03] [Legacy] FF HKU\S-1-5-21-3766905851-4103078425-132140337-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-25] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-25] (Adobe Inc. -> ) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] (Apple Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-05] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\Guillermo\AppData\Roaming\mozilla\plugins\npPxPlay.dll [2016-04-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.es/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default [2019-06-27]
CHR Extension: (Google Drive) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-08]
CHR Extension: (ColorZilla) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-08-30]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-05-18]
CHR Extension: (Tampermonkey) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-05-18]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-03]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-18]
CHR HKU\S-1-5-21-3766905851-4103078425-132140337-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GUILLE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-05-04]
CHR HKU\S-1-5-21-3766905851-4103078425-132140337-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3766905851-4103078425-132140337-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit Information Technology -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (Microsoft Windows Hardware Compatibility Publisher -> AVerMedia TECHNOLOGIES, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [120416 2018-01-12] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30248 2009-11-14] (Feature Integration Technology Inc. -> Fintek)
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [14328 2009-09-17] (NextWindow -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-07-03] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [620544 2009-06-10] (Microsoft Windows -> Ralink Technology, Corp.)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-17] (NextWindow -> )
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [213088 2018-01-12] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U3 aswbdisk; no ImagePath
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-04 11:57 - 2019-07-04 19:07 - 000000000 ____D C:\FRST
2019-07-04 11:31 - 2019-07-04 11:32 - 000287040 _____ C:\Windows\Minidump\070419-29671-01.dmp
2019-07-04 01:04 - 2019-07-04 01:04 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\AVAST Software
2019-07-04 01:02 - 2019-07-04 01:02 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\asw520b1c3f7b923526.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\asw321ab314b50cc9aa.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\asw08d94c1265f4fdd9.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-04 01:02 - 2019-07-04 01:02 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd1304946d1fadfad.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswec6283670222a648.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfa1f2101620f3bdd.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswba37e55fade00526.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa795e0d950ee8c8e.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe6a2f12baa0e51df.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3e21a4275cf8a272.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa2c2e980533ca072.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4104f839626aa343.tmp
2019-07-04 01:02 - 2019-07-04 01:02 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa929a3940b0f7047.tmp
2019-07-04 01:02 - 2019-07-04 01:01 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw42d2acb253bcd38b.tmp
2019-07-04 01:01 - 2019-07-04 01:01 - 000000000 ____D C:\Program Files\AVAST Software
2019-07-04 00:07 - 2019-07-04 00:29 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\ZHP
2019-07-03 23:33 - 2019-07-04 11:35 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-03 23:33 - 2019-07-03 23:33 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-03 23:33 - 2019-07-03 23:33 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-03 23:31 - 2019-07-04 11:34 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-03 23:00 - 2019-07-03 23:00 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-03 22:59 - 2019-07-03 22:59 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-03 22:59 - 2019-07-03 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-03 22:59 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-03 21:26 - 2019-07-03 21:26 - 000331992 _____ C:\Windows\Minidump\070319-21153-01.dmp
2019-06-30 15:09 - 2019-06-30 15:09 - 000001049 _____ C:\Users\Guillermo\Desktop\WinDirStat.lnk
2019-06-29 22:19 - 2019-06-29 22:19 - 000002842 _____ C:\Users\Guillermo\Documents\AdwCleaner[S07].txt
2019-06-29 10:31 - 2019-06-29 10:31 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\73547312.sys
2019-06-29 10:27 - 2019-06-29 10:57 - 000000000 ____D C:\Users\Guillermo\Desktop\mbar
2019-06-29 10:09 - 2019-06-29 10:09 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-29 09:46 - 2019-06-29 09:58 - 000185482 _____ C:\Windows\ntbtlog.txt
2019-06-29 09:29 - 2019-06-29 09:29 - 000001494 _____ C:\Users\Guillermo\Desktop\adwcleaner_7.3 (1).exe - Acceso directo.lnk
2019-06-28 02:07 - 2019-06-29 22:32 - 000003876 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn
2019-06-28 02:07 - 2019-06-29 22:32 - 000003436 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onTime
2019-06-28 00:12 - 2019-06-28 00:12 - 000000000 ____D C:\Users\Guillermo\AppData\Local\mbam
2019-06-28 00:11 - 2019-06-28 00:11 - 000000000 ____D C:\Users\Guillermo\AppData\Local\mbamtray
2019-06-27 09:51 - 2019-07-04 18:42 - 000000426 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2019-06-27 09:51 - 2019-06-29 22:32 - 000003438 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2019-06-27 09:51 - 2019-06-27 09:51 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2019-06-27 09:51 - 2019-06-27 09:51 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\HP Photo Creations
2019-06-26 19:26 - 2014-04-07 18:12 - 005830397 _____ C:\Users\Guillermo\Documents\re13.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000811966 _____ C:\Users\Guillermo\Documents\MotorV7.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000391834 _____ C:\Users\Guillermo\Documents\log4j-1.2.15.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000335913 _____ C:\Users\Guillermo\Documents\looks-1.3.2.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000108791 _____ C:\Users\Guillermo\Documents\swingx.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000077191 _____ C:\Users\Guillermo\Documents\codbarras.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000069802 _____ C:\Users\Guillermo\Documents\versprog.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000062694 _____ C:\Users\Guillermo\Documents\avalon-framework-cvs-20020806.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000062694 _____ C:\Users\Guillermo\Documents\avalon-framework-cvs-20020806 - copia.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000044754 _____ C:\Users\Guillermo\Documents\jxlayer.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000023531 _____ C:\Users\Guillermo\Documents\AppleJavaExtensions.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000023531 _____ C:\Users\Guillermo\Documents\AppleJavaExtensions - copia.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000018516 _____ C:\Users\Guillermo\Documents\bigDecimal.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000018516 _____ C:\Users\Guillermo\Documents\bigDecimal - copia.jar
2019-06-26 19:26 - 2014-04-07 18:12 - 000000714 _____ C:\Users\Guillermo\Documents\irpf.jar
2019-06-26 16:56 - 2019-07-04 11:31 - 000000000 ____D C:\Windows\Minidump
2019-06-26 16:56 - 2019-06-26 16:56 - 000291232 _____ C:\Windows\Minidump\062619-41480-01.dmp
2019-06-26 09:08 - 2019-07-04 11:09 - 000000000 ____D C:\Users\Guillermo\Documents\Biblioteca de calibre
2019-06-26 08:49 - 2019-06-26 08:49 - 000000000 ____D C:\ProgramData\GlarySoft
2019-06-25 23:28 - 2019-06-25 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-25 22:22 - 2019-06-25 22:22 - 000001789 _____ C:\Users\UpdatusUser\Desktop\recoverit_setup_full4144.exe.lnk
2019-06-25 22:22 - 2019-06-25 22:22 - 000001763 _____ C:\Users\Guillermo\Desktop\recoverit_setup_full4144.exe.lnk
2019-06-25 22:04 - 2019-06-25 22:04 - 000000000 ____D C:\Users\Guillermo\Documents\recuperar archivos
2019-06-25 21:46 - 2019-06-25 21:46 - 000000000 ____D C:\Users\Guillermo\AppData\Local\DiskDrill
2019-06-25 21:46 - 2019-06-25 21:46 - 000000000 ____D C:\Users\Guillermo\AppData\Local\CrashRpt
2019-06-25 02:18 - 2019-06-25 21:26 - 000000000 ____D C:\Program Files\Wondershare
2019-06-25 02:09 - 2019-06-25 02:09 - 000000000 ____D C:\ProgramData\SystemAcCrux
2019-06-25 02:08 - 2019-06-25 02:08 - 000000000 ____D C:\Program Files\EaseUS
2019-06-25 02:00 - 2019-06-25 02:00 - 000002657 _____ C:\Users\Guillermo\Desktop\Microsoft Office Word 2007.lnk
2019-06-24 22:25 - 2019-06-24 22:41 - 000000000 ____D C:\Users\Guillermo\Desktop\Thumbs.ms
2019-06-24 22:22 - 2019-06-24 22:22 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Nero
2019-06-24 22:19 - 2019-06-24 22:41 - 000000000 ____D C:\Users\Guillermo\Documents\Thumbs.ms
2019-06-24 14:12 - 2019-06-24 14:12 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-04 19:00 - 2010-11-21 09:09 - 000750994 _____ C:\Windows\system32\perfh00A.dat
2019-07-04 19:00 - 2010-11-21 09:09 - 000160036 _____ C:\Windows\system32\perfc00A.dat
2019-07-04 19:00 - 2009-07-14 07:13 - 001685800 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-04 19:00 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-07-04 18:19 - 2017-04-29 11:48 - 000000998 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-07-04 14:19 - 2017-04-29 11:48 - 000000994 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-07-04 11:54 - 2015-12-03 15:46 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-07-04 11:43 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-04 11:43 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-04 11:36 - 2015-09-23 21:20 - 000000000 ___RD C:\Users\Guillermo\Google Drive
2019-07-04 11:36 - 2014-06-17 17:00 - 000000000 ____D C:\Users\UpdatusUser
2019-07-04 11:32 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-04 10:41 - 2018-05-13 02:15 - 000000000 ____D C:\Users\Guillermo\AppData\Local\AVAST Software
2019-07-04 10:41 - 2014-06-18 12:11 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-04 10:34 - 2014-06-17 16:57 - 000004010 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3FB722E5-D56C-4060-BD6D-73910FBA28BF}
2019-07-03 22:59 - 2014-11-03 03:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-03 22:38 - 2016-01-08 20:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-29 22:32 - 2019-03-11 20:46 - 000003204 _____ C:\Windows\System32\Tasks\{F89EA053-6896-4AE9-9661-03E89D7424F3}
2019-06-29 22:32 - 2018-10-05 10:28 - 000003668 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe
2019-06-29 22:32 - 2018-10-05 10:28 - 000003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2019-06-29 22:32 - 2018-10-05 10:28 - 000003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2019-06-29 22:32 - 2018-10-05 10:28 - 000003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2019-06-29 22:32 - 2018-10-05 10:28 - 000003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-06-29 22:32 - 2018-10-05 10:28 - 000003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-06-29 22:32 - 2018-08-24 11:13 - 000003558 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 738c1ce7cae5451997c3d0186e58853f8d0bf7b740374d93a6e668d151476d1d
2019-06-29 22:32 - 2018-04-05 19:52 - 000003556 _____ C:\Windows\System32\Tasks\HP AR Program Upload - d7c11523cb044e3d806442c0e0e61df9b6cee5036dfa4240854f6ded94c55b26
2019-06-29 22:32 - 2018-04-04 23:25 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-29 22:32 - 2018-03-14 00:09 - 000004508 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-29 22:32 - 2018-01-24 23:29 - 000003558 _____ C:\Windows\System32\Tasks\HP AR Program Upload - b24140de937f4023a9d389f4091cee36185b4fd63bf444e89088bfffd8168b68
2019-06-29 22:32 - 2017-05-30 11:41 - 000002974 _____ C:\Windows\System32\Tasks\{387A284F-3D0D-4F27-B2C9-9A7F8DC36290}
2019-06-29 22:32 - 2017-05-30 11:26 - 000003188 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2019-06-29 22:32 - 2017-04-29 11:48 - 000004004 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-06-29 22:32 - 2017-04-29 11:48 - 000003752 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-06-29 22:32 - 2017-03-01 15:16 - 000003556 _____ C:\Windows\System32\Tasks\HP AR Program Upload - c3c95f9a4f024d0495fcb1e57ed0c40ef51942c3771e47b1a0af5e636154bf1e
2019-06-29 22:32 - 2016-09-08 10:56 - 000003556 _____ C:\Windows\System32\Tasks\HP AR Program Upload - dda7ed2bad0040419454f4bfc83e0b587c6b53faf9cc474c87c1b433acea301b
2019-06-29 22:32 - 2016-06-09 22:31 - 000003300 _____ C:\Windows\System32\Tasks\{69098C8F-77EE-4FA8-B3A2-05A59DA75543}
2019-06-29 22:32 - 2016-05-21 10:27 - 000003556 _____ C:\Windows\System32\Tasks\HP AR Program Upload - b0a33a17d16642c7aa8e6fc10b7d545df5057a3ada97468f8bd78c63f6bca636
2019-06-29 22:32 - 2016-04-29 19:36 - 000003118 _____ C:\Windows\System32\Tasks\{E43E143A-DB27-42A9-B77A-39F5DDD52C79}
2019-06-29 22:32 - 2016-04-29 09:18 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-06-29 22:32 - 2016-01-18 10:56 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-06-29 22:32 - 2015-12-05 00:39 - 000003048 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1449268735
2019-06-29 22:32 - 2015-11-10 19:56 - 000003632 _____ C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 4500 series
2019-06-29 22:32 - 2015-09-12 13:40 - 000003312 _____ C:\Windows\System32\Tasks\{94677C7C-34AD-4EAE-85D1-E43268D3BF46}
2019-06-29 22:32 - 2015-09-12 11:08 - 000002990 _____ C:\Windows\System32\Tasks\{E3EE25B0-A82D-4ED6-8C5C-43BED6B4EFAA}
2019-06-29 22:32 - 2015-09-12 10:17 - 000003182 _____ C:\Windows\System32\Tasks\{BC1058A1-2A8A-47B6-8094-AD255E4FB8C1}
2019-06-29 22:32 - 2015-09-12 10:09 - 000003310 _____ C:\Windows\System32\Tasks\{85113CBA-0B55-4D32-A74F-4D8055A065CB}
2019-06-29 22:32 - 2014-12-28 23:29 - 000002986 _____ C:\Windows\System32\Tasks\{95B5EF61-4EF3-463E-AE70-19A4BF3AA9EA}
2019-06-29 22:32 - 2014-12-28 22:57 - 000002986 _____ C:\Windows\System32\Tasks\{109820E8-5B1F-4044-ACB9-1BCE53D33471}
2019-06-29 22:32 - 2014-12-25 12:25 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-06-29 22:32 - 2014-11-08 01:26 - 000003704 _____ C:\Windows\System32\Tasks\Java(TM) Platform SE Auto Updater
2019-06-29 22:32 - 2014-11-08 01:26 - 000003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2019-06-29 22:32 - 2014-10-23 02:42 - 000003278 _____ C:\Windows\System32\Tasks\{F931AED5-1C38-47EB-8B84-075DDCA59E5A}
2019-06-29 22:32 - 2014-06-17 18:34 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-29 22:32 - 2014-06-17 18:34 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-29 10:57 - 2016-01-19 14:59 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-06-28 03:36 - 2014-10-08 11:54 - 000000169 _____ C:\Users\Guillermo\AppData\Roaming\default.rss
2019-06-28 02:27 - 2015-02-20 20:41 - 000000000 ____D C:\Users\Guillermo\AppData\Local\CrashDumps
2019-06-28 02:03 - 2017-09-24 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-27 10:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2019-06-27 01:26 - 2015-07-05 21:22 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\uTorrent
2019-06-26 22:31 - 2014-06-20 10:09 - 000000000 ____D C:\Users\Guillermo\Documents\MARIA
2019-06-26 11:02 - 2019-01-09 15:28 - 000000000 ____D C:\Users\Guillermo\Documents\Wondershare Filmora 9
2019-06-26 11:00 - 2019-02-12 20:35 - 000000000 ____D C:\Users\Public\Documents\Keepvid
2019-06-26 11:00 - 2018-12-03 14:52 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2019-06-26 09:53 - 2017-03-16 21:30 - 000000367 _____ C:\Users\Guillermo\AppData\Local\Lockdir6
2019-06-26 09:51 - 2017-03-16 21:30 - 000000030 _____ C:\Users\Public\Lockdir6.lg
2019-06-26 09:10 - 2014-10-11 11:36 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\calibre
2019-06-26 09:08 - 2014-11-28 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2019-06-26 09:04 - 2015-02-24 09:59 - 000000000 ____D C:\Program Files (x86)\Wondershare
2019-06-26 09:03 - 2015-10-04 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-06-26 09:02 - 2019-04-06 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2019-06-26 09:02 - 2019-04-06 20:18 - 000000000 ____D C:\Program Files (x86)\Auslogics
2019-06-26 09:02 - 2019-04-06 20:17 - 000000000 ____D C:\ProgramData\Auslogics
2019-06-26 09:00 - 2015-11-01 11:32 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2019-06-26 08:51 - 2015-11-01 11:33 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\GlarySoft
2019-06-26 08:39 - 2014-06-17 16:53 - 000000000 ____D C:\Users\Guillermo
2019-06-25 23:29 - 2017-04-29 11:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-06-25 09:25 - 2014-11-24 23:36 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-25 02:17 - 2015-02-24 10:00 - 000000000 ____D C:\ProgramData\Wondershare
2019-06-25 02:09 - 2014-06-21 09:17 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-06-25 02:09 - 2014-06-21 09:17 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-25 02:09 - 2014-06-21 09:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-06-25 02:09 - 2014-06-21 09:17 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-25 01:16 - 2019-05-18 17:25 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\ProductData
2019-06-25 01:16 - 2019-02-27 15:24 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Spotify
2019-06-25 01:16 - 2018-11-05 13:03 - 000000000 ___RD C:\Users\Guillermo\Documents\Scanned Documents
2019-06-25 01:16 - 2017-04-20 22:15 - 000000000 ____D C:\Users\Guillermo\Documents\My Data Files
2019-06-25 01:16 - 2014-10-15 12:18 - 000000000 ____D C:\Users\Guillermo\Documents\My Books
2019-06-25 01:16 - 2014-06-20 10:23 - 000000000 ____D C:\Users\Guillermo\Documents\nero
2019-06-25 01:16 - 2014-06-20 10:20 - 000000000 ____D C:\Users\Guillermo\Documents\MIO
2019-06-25 01:15 - 2014-06-20 10:24 - 000000000 ____D C:\Users\Guillermo\Documents\photoshop CS5 portable
2019-06-25 01:15 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2019-06-25 01:14 - 2019-02-27 15:24 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Spotify
2019-06-25 01:14 - 2018-11-05 13:03 - 000000000 ____D C:\Users\Guillermo\Documents\Fax
2019-06-22 09:39 - 2014-10-01 11:14 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\PhotoScape

==================== Files in the root of some directories ================

2014-10-08 11:54 - 2019-06-28 03:36 - 000000169 _____ () C:\Users\Guillermo\AppData\Roaming\default.rss
2014-08-22 14:37 - 2016-04-21 11:26 - 000009341 _____ () C:\Users\Guillermo\AppData\Roaming\Microsoft Excel 97-2003.EML
2014-10-04 10:32 - 2014-10-04 10:32 - 000000055 _____ () C:\Users\Guillermo\AppData\Roaming\pcouffin.log
2014-06-21 08:41 - 2014-10-22 10:21 - 000000127 _____ () C:\Users\Guillermo\AppData\Roaming\WB.CFG
2014-10-13 10:08 - 2017-11-23 23:38 - 000005120 _____ () C:\Users\Guillermo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-15 01:44 - 2018-02-15 01:44 - 000004096 ____H () C:\Users\Guillermo\AppData\Local\keyfile3.drm
2017-03-16 21:30 - 2019-06-26 09:53 - 000000367 _____ () C:\Users\Guillermo\AppData\Local\Lockdir6
2016-02-06 12:42 - 2016-02-06 12:42 - 000000017 _____ () C:\Users\Guillermo\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-07-04 01:30

==================== End of FRST.txt ============================