Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-08-2019 Ran by Rolando (administrator) on ROLANDO1 (Gigabyte Technology Co., Ltd. OPTIMA G700v SI-4248) (10-08-2019 12:31:56) Running from C:\Users\Rolando\Downloads Loaded Profiles: Rolando (Available Profiles: Rolando) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIRWE.EXE (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\MirrorGo\DriverInstall.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1645975853-1618061702-513004773-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIRWE.EXE [380400 2014-11-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-1645975853-1618061702-513004773-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-1645975853-1618061702-513004773-1000\...\Run: [GoogleChromeAutoLaunch_B501AD29EAAAEA29F5BE2250F4F3EF86] => C:\Program Files\Google\Chrome\Application\chrome.exe [1535472 2019-08-05] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-07] (Google LLC -> Google LLC) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F716FD5-0E46-46E5-82E3-D8AA22BE89D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-09-04] (Google Inc -> Google Inc.) Task: {4A413A37-558E-4B2D-A116-FE2D2C29EDBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-09-04] (Google Inc -> Google Inc.) Task: {4D071752-9882-4BD4-8703-50A27F44B25F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {6C298338-744D-4223-8846-A1460C516D75} - System32\Tasks\EPSON L395 Series Update {59F13078-A8AF-4B2B-A998-1325C5E49D70} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRWE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) Task: {8DAA152A-707F-44F6-81F0-6295F6C6318B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {8E58B9ED-A6E9-4E41-8EF7-9E97AFF3099F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: {A77F7092-3EB6-4E5A-9085-E0113DCDD296} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe Task: {B1B55E9B-9F16-45C1-B9C1-EF663191CAF6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe Task: {C12F0B7F-0C82-4919-9B8E-B2036FB703FE} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\EPSON L395 Series Update {59F13078-A8AF-4B2B-A998-1325C5E49D70}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRWE.EXE:/EXE:{59F13078-A8AF-4B2B-A998-1325C5E49D70} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 validation.sls.microsoft.com Tcpip\..\Interfaces\{31B0A7EC-20DF-44DB-A37E-3CFF01D7C1D3}: [NameServer] 200.49.130.44,200.42.4.204 HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1] Internet Explorer: ================== BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) DPF: {83202D14-0AF7-493D-BBD8-53194FE0BFDB} hxxps://wsec06.bancogalicia.com.ar/Content/Components/GaliciaEnroll/GalCryptoComponents1020.cab DPF: {D37BB1D6-A878-4721-9A64-77E6C9D44865} hxxps://wsec06.bancogalicia.com.ar/Content/Components/GaliciaCryptoClient/GalCryptoComponents1020.cab DPF: {EA2267D1-FC6B-4268-A2B7-0B556F9BA2A7} hxxps://wsec06.bancogalicia.com.ar/Content/Components/GalVerifReq/GalVerifReq.CAB FireFox: ======== FF ProfilePath: C:\Users\Rolando\AppData\Roaming\Mozilla\Firefox\Profiles\lhwzzoin.default [2019-05-07] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2017-09-03] (Adobe Systems Incorporated -> ) FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.) [File not signed] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-09-14] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-09-14] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-09-14] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-09-14] Chrome: ======= CHR Profile: C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default [2019-08-10] CHR Extension: (Presentaciones) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-27] CHR Extension: (Documentos) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-27] CHR Extension: (Google Drive) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-04] CHR Extension: (YourTV Chrome extension) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlhpbalhdjobabgbacbgclpjjelainj [2019-05-09] CHR Extension: (YouTube) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-04] CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-08-07] CHR Extension: (Hojas de cálculo) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-27] CHR Extension: (Cablevisión Flow) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2018-11-24] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21] CHR Extension: (Avast Online Security) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-08-07] CHR Extension: (AVG SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2019-06-05] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10] CHR Extension: (Gmail) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Rolando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08] CHR HKLM\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-11-04] (Intel Corporation - Software and Firmware Products -> Intel Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [223560 2016-04-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation) R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare) R2 WsDrvInst; C:\Program Files\Wondershare\MirrorGo\DriverInstall.exe [111328 2017-05-05] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-05-02] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [801776 2013-12-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [155424 2015-07-28] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) U1 aswbdisk; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-10 12:31 - 2019-08-10 12:36 - 000016262 _____ C:\Users\Rolando\Downloads\FRST.txt 2019-08-10 12:31 - 2019-08-10 12:31 - 000000000 ____D C:\Users\Rolando\Downloads\FRST-OlderVersion 2019-08-10 12:28 - 2019-08-10 12:30 - 000049462 _____ C:\Users\Rolando\Documents\cc_20190810_122857.reg 2019-08-10 12:25 - 2019-08-10 12:25 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-08-10 12:25 - 2019-08-10 12:25 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-08-10 12:25 - 2019-08-10 12:25 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-08-10 12:01 - 2019-08-10 12:01 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-08-10 11:53 - 2019-08-10 11:54 - 011018472 _____ (AVAST Software) C:\Users\Rolando\Downloads\avastclear (1).exe 2019-08-10 11:44 - 2019-08-10 11:53 - 011018472 _____ (AVAST Software) C:\Users\Rolando\Downloads\avastclear.exe 2019-08-10 10:57 - 2019-08-10 10:58 - 012767776 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Rolando\Downloads\avgclear.exe 2019-08-09 12:29 - 2019-08-08 18:57 - 000001522 _____ C:\Users\Rolando\Documents\malwarebyte - copia.txt 2019-08-09 12:29 - 2019-08-08 18:37 - 000002508 _____ C:\Users\Rolando\Documents\ZHPCleaner (R) - copia.txt 2019-08-09 12:29 - 2019-08-08 18:21 - 000002339 _____ C:\Users\Rolando\Documents\ZHPCleaner (S) - copia.txt 2019-08-09 09:05 - 2019-08-09 09:05 - 000000000 _____ C:\Windows\system32\last.dump 2019-08-08 19:41 - 2019-08-08 19:42 - 000028825 _____ C:\Users\Rolando\Documents\Addition.txt 2019-08-08 19:40 - 2019-08-10 12:31 - 000000000 ____D C:\FRST 2019-08-08 19:40 - 2019-08-08 19:42 - 000031794 _____ C:\Users\Rolando\Documents\FRST.txt 2019-08-08 19:39 - 2019-08-10 12:31 - 001448960 _____ (Farbar) C:\Users\Rolando\Downloads\FRST.exe 2019-08-08 18:57 - 2019-08-08 18:57 - 000001522 _____ C:\Users\Rolando\Documents\malwarebyte.txt 2019-08-08 18:45 - 2019-08-08 18:45 - 000002487 _____ C:\Users\Rolando\Documents\ZHPCleane.txt 2019-08-08 16:59 - 2019-08-08 16:59 - 000001528 _____ C:\Users\Rolando\Documents\malwarebytes.txt 2019-08-08 12:16 - 2019-08-08 12:17 - 000123498 _____ C:\Users\Rolando\Documents\cc_20190808_121623.reg 2019-08-08 12:03 - 2019-08-08 12:03 - 000000073 _____ C:\Users\Rolando\Downloads\Ayuda pc lenta - Ayuda General - ForoSpyware.url 2019-08-08 12:02 - 2019-08-08 12:02 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-08 12:02 - 2019-08-08 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-08 12:02 - 2019-08-08 12:02 - 000000000 ____D C:\Program Files\CCleaner 2019-08-08 12:01 - 2019-08-08 18:37 - 000000000 ____D C:\Users\Rolando\AppData\Roaming\ZHP 2019-08-08 12:01 - 2019-08-08 12:01 - 000000832 _____ C:\Users\Rolando\Desktop\ZHPCleaner.lnk 2019-08-08 12:01 - 2019-08-08 12:01 - 000000000 ____D C:\Users\Rolando\AppData\Local\ZHP 2019-08-08 12:01 - 2019-08-08 12:01 - 000000000 ____D C:\Users\Rolando\AppData\Local\mbam 2019-08-08 12:00 - 2019-08-10 11:59 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2019-08-08 12:00 - 2019-08-08 12:37 - 000000000 ____D C:\AdwCleaner 2019-08-08 12:00 - 2019-08-08 12:00 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-08 12:00 - 2019-08-08 12:00 - 000000000 ____D C:\Users\Rolando\AppData\Local\mbamtray 2019-08-08 12:00 - 2019-08-08 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-08 12:00 - 2019-08-08 12:00 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-08 12:00 - 2019-08-08 12:00 - 000000000 ____D C:\Program Files\Malwarebytes 2019-08-08 12:00 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2019-08-08 11:58 - 2019-08-08 11:59 - 020891464 _____ (Piriform Software Ltd) C:\Users\Rolando\Downloads\ccsetup560.exe 2019-08-08 11:57 - 2019-08-08 11:57 - 003118464 _____ (Nicolas Coolman) C:\Users\Rolando\Downloads\ZHPCleaner.exe 2019-08-08 11:56 - 2019-08-08 11:57 - 007623880 _____ (Malwarebytes) C:\Users\Rolando\Downloads\adwcleaner_7.4.exe 2019-08-08 11:56 - 2019-08-08 11:56 - 064881672 _____ (Malwarebytes ) C:\Users\Rolando\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11897.exe 2019-08-07 08:56 - 2019-08-07 08:56 - 000000000 _____ C:\unp18694826.tmp 2019-08-06 12:14 - 2019-08-06 12:14 - 000000000 ___HD C:\$AV_ASW 2019-08-06 11:53 - 2019-08-10 12:01 - 000000000 ____D C:\ProgramData\AVAST Software 2019-08-06 11:53 - 2019-08-06 11:53 - 000230080 _____ (AVAST Software) C:\Users\Rolando\Downloads\avast_free_antivirus_setup_online.exe 2019-07-31 16:00 - 2019-07-31 16:00 - 000000000 __SHD C:\found.001 2019-07-29 16:00 - 2019-07-29 16:00 - 000000000 __SHD C:\found.000 ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-10 12:23 - 2009-07-14 01:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-08-10 12:23 - 2009-07-14 01:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-08-10 12:04 - 2018-03-27 18:04 - 000000917 _____ C:\Windows\Tasks\EPSON L395 Series Update {59F13078-A8AF-4B2B-A998-1325C5E49D70}.job 2019-08-10 12:01 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-08-10 11:12 - 2018-03-27 19:49 - 000000000 ____D C:\Users\Rolando\AppData\Local\AVG 2019-08-08 18:40 - 2017-09-04 09:47 - 000088560 _____ C:\Users\Rolando\AppData\Local\GDIPFONTCACHEV1.DAT 2019-08-08 17:02 - 2009-07-14 01:33 - 000347808 _____ C:\Windows\system32\FNTCACHE.DAT 2019-08-08 17:00 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf 2019-08-08 12:37 - 2018-06-07 10:31 - 000000000 ____D C:\Users\Rolando\AppData\Roaming\Samsung 2019-08-08 12:37 - 2018-06-07 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2019-08-08 12:37 - 2018-06-07 10:25 - 000000000 ____D C:\Program Files\Samsung 2019-08-08 12:15 - 2017-09-03 18:17 - 000000000 ____D C:\Windows\Panther 2019-08-07 16:37 - 2019-04-01 20:05 - 002930397 _____ C:\Users\Rolando\Desktop\TERMOLAR - PRECIOS EXW 2018 ARG (DIST).xlsx 2019-08-07 08:57 - 2017-09-04 09:47 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-08-07 08:57 - 2017-09-04 09:47 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-08-06 12:14 - 2017-09-03 22:51 - 000000000 ____D C:\Program Files\Winamp 2019-08-03 21:10 - 2018-11-03 21:21 - 000000000 ____D C:\Windows\system32\MRT 2019-08-03 21:10 - 2018-11-03 21:19 - 133475400 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2019-08-01 18:08 - 2010-11-20 21:30 - 000694148 _____ C:\Windows\system32\perfh00A.dat 2019-08-01 18:08 - 2010-11-20 21:30 - 000134242 _____ C:\Windows\system32\perfc00A.dat 2019-08-01 18:08 - 2010-11-20 18:01 - 001530242 _____ C:\Windows\system32\PerfStringBackup.INI 2019-08-01 16:51 - 2019-04-01 20:45 - 002930191 _____ C:\Users\Rolando\Desktop\TERMOLAR - PEDIDO PRECIOS EXW 2018 ARG (DIST).xlsx ==================== Files in the root of some directories ================ 2018-03-29 19:16 - 2018-03-29 19:16 - 000000017 _____ () C:\Users\Rolando\AppData\Local\resmon.resmoncfg ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2019-08-01 09:23 ==================== End of FRST.txt ============================