AutoIt Error that is impossible to remove

Hello, I have read in several forum threads how to solve the problem, but in most of them you say that if we run into the problem we should post a new thread, since each script that is created is customized.

I have always been able to solve problems with Malwarebytes, going into the registry and following tutorials from the internet, but I can't get on top of this “virus”, or at least that is what I think it is.

I get 3 windows every time I start the Windows 8 computer, one of them showing AutoIt Error Line 0 (File “C:\Users\Administrador”): Error: Error opening the file

I should say that the computer is not mine, and whenever it has had a problem someone else has fixed it for my father. It is suspicious that the computer uses the folder USUARIOS ADMINISTRATOR 1 while the window tells me the error is in plain ADMINISTRATOR, in case that helps or I am missing something.

Thank you very much for your help, you are demigods. Regards.

Hello @coitia, welcome to the new infospyware forum. Let's try to remove this virus.

:one: CCleaner

Download, install and/or update CCleaner

Consult its manual if necessary

  • Open CCleaner. Custom Clean tab (Limpieza personalizada). Leave it as it is configured by default :arrow_forward: click Analyze (Analizar) and wait for it to finish :arrow_forward: click Run Cleaner (Ejecutar Limpiador).

:two: Malwarebytes Anti-Malware

Download, update and run Malwarebytes’ Anti-Malware, and go through the manual in detail so that you know how to use and configure it. Here are the instructions for this version 3:

  • Run a Custom Scan (Scan > Custom Scan > Configure Scan button), ticking all the boxes on the right and on the left, and updating if it asks you to. See the image shown for greater clarity.
  • Click “Remove Selected” (Eliminar Seleccionados) to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports (Informes) >> Scan log (Registro de análisis) >> click >> Export (Exportar) >> Copy to Clipboard (Copiar al Portapapeles), and paste it in your reply


:three: AdwCleaner

Download AdwCleaner | InfoSpyware to the desktop.

• Also close all the programs you have open.

• Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

• Click the Scan button and wait for the process to finish, then immediately click the Clean button.

• Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

• Save the report that appears and attach it in a message.

• The report can also be found in C:\Archivos de programa, or C:\Archivos de programa (x86) if the system is 64-bit - Adwcleaner - AdwCleaner[CX].txt

:four: ZHPCleaner

Run ZHPCleaner following its manual. Attach the report in a new forum message.

:five: CCleaner

  • Click the Registry tab (Registro) :arrow_forward: click Scan for Issues (buscar problemas) and wait for it to finish :arrow_forward: click Fix Selected (Reparar Seleccionadas) and make a backup

1 like

Hello, thanks for your help!

I had already run a Malwarebytes scan before (not one this thorough) and removed the corrupt files. Also the CCleaner registry step and the cleaning.

Here is a photo of the error (not true, the forum won't let me, I'll put it in the next post)

I was wrong when I said it was Win8; it is Win10

Malwarebytes results (for now that window no longer appears after quarantining those files)

Malwarebytes

-Detalles del registro-
Fecha del análisis: 13/10/19
Hora del análisis: 18:53
Archivo de registro: 0cf90b40-edda-11e9-9a1d-f0761c19cd02.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12891
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.1040)
CPU: x64
Sistema de archivos: NTFS
Usuario: IGNACIO\Administrador 1

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 510117
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 10 hr, 28 min, 13 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 6
PUP.Optional.Segurazo, C:\Program Files (x86)\Segurazo\amd64, En cuarentena, [1539], [735211],1.0.12891
PUP.Optional.Segurazo, C:\Program Files (x86)\Segurazo\x86, En cuarentena, [1539], [735214],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo, En cuarentena, [1539], [709093],1.0.12891

Archivo: 7
PUP.Optional.Segurazo, C:\Program Files (x86)\Segurazo\amd64\msdia140.dll, En cuarentena, [1539], [735211],1.0.12891
PUP.Optional.Segurazo, C:\Program Files (x86)\Segurazo\x86\msdia140.dll, En cuarentena, [1539], [735214],1.0.12891
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\MICROSOFT.DIAGNOSTICS.TRACING.TRACEEVENT.DLL, En cuarentena, [1539], [735217],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64\msdia140.dll, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86\msdia140.dll, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\Microsoft.Diagnostics.Tracing.TraceEvent.dll, En cuarentena, [1539], [709093],1.0.12891
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\System.Threading.dll, En cuarentena, [1539], [709093],1.0.12891

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Here are the files from the other programs you asked for; I don't know which of them you need, since each program generated two for me. I suppose it will be easy for you to tell which one it is.

I'll add the others in the next post

ZHPCleaner (S).txt (3,4 KB) ZHPCleaner (R).txt (3,2 KB)

AdwCleaner[S00].txt (8,3 KB) AdwCleaner[C00].txt (4,8 KB)

Thanks for the reports. Malwarebytes Anti-Malware detected the presence of the Segurazo malware. This malware presents itself as antivirus software that includes real-time protection, threat detection, and data and password protection. However, this software is actually a potentially unwanted application, because it is distributed through the wizards (download or installation) of other software. It is very common for users to download and install software of this kind unintentionally.

Good, the anti-malware programs have done their job. Confirm within the next 48 hours that the AutoIt problem has been resolved. Otherwise let me know and we will continue cleaning the PC.

1 like

Let's see whether there are any malware remnants, using an advanced tool such as Farbar Recovery Scan Tool:

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the appropriate version for your computer's architecture (32 or 64 bits). >> How to know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to Paste Reports in the Forum?

We await those reports.

1 like

Hello frica, OK, I will do it this afternoon or tomorrow. The AutoIt window keeps popping up

Using the FRST program will resolve those AutoIt windows. Please do not delay your replies so much, because it makes resolving your problem harder by giving time for some other malware to get into your computer.

I await those reports. Regards.

1 like

FRST

Ran by Administrador 1 (administrator) on IGNACIO (LENOVO 80EU) (21-10-2019 17:01:33)
Running from C:\Users\Administrador 1\Desktop
Loaded Profiles: Administrador 1 & Administrador (Available Profiles: Administrador 1 & Administrador)
Platform: Windows 10 Home Version 1803 17134.1069 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO (UNITED STATES) INC. -> Lenovo) C:\Users\Administrador 1\AppData\Local\Apps\2.0\9BAZNJ5K.74M\Q4YH6KW3.849\lsb...tion_91a10ba61c75c82d_0001.0006_f185aae74f563194\LSB.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\UpdateAssistant\UpdateAssistant.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\UpdateAssistant\UpdateAssistant.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.18011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UNP\UpdateNotificationMgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Realtek Semiconductor Corp. -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5455880 2017-03-10] (Realtek Semiconductor Corp. -> Realtek semiconductor)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170001502\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170001906\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2524779702-1519077474-4215319357-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170003557\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06675493-6C6C-411A-B3DC-575414C9A12F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {1011AC19-0B7C-487F-B465-0A888947E7EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {160D4B6F-7100-461E-81E4-1CFF2F1ED569} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1C3C037E-A06F-4670-ADC4-2C96C951867C} - System32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Excel Packages\uninstaller.exe" -c /Uninst /NM="Microsoft Excel Packages" /AN="0V1L2Z2Z1T1I1L1T" /MBN="Microsoft Excel Packages" /mnl
Task: {20953A0B-C935-405E-914C-C4EABB81E0F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-27] (Google Inc -> Google Inc.)
Task: {2F3034B1-C4A7-48BE-ABE1-F662989713CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {364019A7-0B16-4E22-B9C1-CA8E48EFB9C7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {381692CF-4F38-4BD0-B988-B87B295E84C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3ABFE87E-85FA-4F96-94D2-F0FAD15C2944} - System32\Tasks\Uninstaller_SkipUac_Administrador_1 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {4CD43A98-89C0-452A-AB8D-220E2A36F19E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-27] (Google Inc -> Google Inc.)
Task: {5312D0F0-BE4C-4484-9714-5E9BA5920333} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {559409F2-4FF0-4F5F-A989-CFD57D443981} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16864 2015-12-10] (LENOVO -> Lenovo)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5ADA1DC9-41AA-4F92-AEC0-C5FD5D3974A4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {76A6FB2F-B4A1-43C0-8BE7-1795D60EE623} - System32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Local\{BAA98CF5-9E01-E04D-F399-C5A5D7F1393D}\uninstall.exe" -c /Uninstall /s /noun /DelSelfDir
Task: {76AE8AE3-B285-4A6C-B46A-C4A993F736F9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {7E6A94E1-A645-4E7E-90CE-1C59C9E7844A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E82DEE3-4956-47EE-935C-B81BD270B058} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {89DCB1FD-9CE8-4079-AB46-4D05188D1C83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {95825F6A-5E16-40DA-9B06-D5D9CB7F7320} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {994591F7-2272-4139-B9B8-5B6138124AED} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {AAB791BB-AB30-4097-B79E-0D46F19BAD14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B080CAF9-C2D5-4B57-B5EB-DAAB4E864D8F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2524779702-1519077474-4215319357-1003 -> No File <==== ATTENTION
Task: {C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7449F8E-D90D-4447-9E92-FA4155394981} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D5547A88-C5A6-4CE2-8607-246856C2BA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E95162AA-7B3F-4885-8DDD-8E6BA8AFE260} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F21BDB35-F3D4-4042-8B49-C3632DEBB88F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FCD9849B-D491-4C34-81D4-4A21B27AF935} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4213848 2017-03-10] (Synaptics Incorporated -> Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrador_1.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27827e1d-abf8-4e5f-898e-be85161c9ce0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{27827e1d-abf8-4e5f-898e-be85161c9ce0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8cc88296-39e9-4257-839e-004fbc700af2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8cc88296-39e9-4257-839e-004fbc700af2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
SearchScopes: HKLM -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 

FireFox:
========
FF DefaultProfile: vlok0ro3.default
FF ProfilePath: C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default [2019-10-21]
FF Homepage: Mozilla\Firefox\Profiles\vlok0ro3.default -> hxxps://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=es-es|hxxps://www.google.es/
FF Extension: (Bing Search) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2018-05-06] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2017-12-29] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2018-06-23]
FF Extension: (Google Code Correction) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\features\{7235a5bd-3889-4026-92a9-0f5cac7831ac}\[email protected] [2018-06-23] [Legacy]
FF SearchPlugin: C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\searchplugins\bing-.xml [2018-05-06]
FF HKU\S-1-5-21-2524779702-1519077474-4215319357-500\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: (No Name) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-10-15] [not signed]
FF HKU\S-1-5-21-2524779702-1519077474-4215319357-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170003557\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR Profile: C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default [2019-10-21]
CHR Extension: (Presentaciones) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-26]
CHR Extension: (Búsqueda de Google) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Hojas de cálculo) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-12]
CHR Profile: C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-10-13]
CHR Profile: C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-13]
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

PART 2 OF THE FRST

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-10-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
S3 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software)
R2 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [251480 2017-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-10] (Martin Malik - REALiX -> REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517200 2017-03-10] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 Rockusb; C:\WINDOWS\System32\drivers\rockusb.sys [69920 2016-04-01] (Fuzhou Rockchip Electronics Co., Ltd. -> Fuzhou Rockchip Electronics Co,Ltd.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-03-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-10] (Realtek Semiconductor Corp. -> Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3146760 2017-03-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-21 17:01 - 2019-10-21 17:04 - 000033041 _____ C:\Users\Administrador 1\Desktop\FRST.txt
2019-10-21 17:00 - 2019-10-21 17:03 - 000000000 ____D C:\FRST
2019-10-21 16:59 - 2019-10-21 17:00 - 001617408 _____ (Farbar) C:\Users\Administrador 1\Desktop\FRST64.exe
2019-10-20 23:10 - 2019-10-20 23:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-19 21:00 - 2019-10-19 21:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-10-19 20:58 - 2019-10-19 20:58 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-19 20:57 - 2019-10-19 20:57 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-16 03:17 - 2019-10-16 03:17 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-16 03:17 - 2019-10-16 03:17 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-10-16 03:17 - 2019-10-16 03:17 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-15 22:55 - 2019-10-20 23:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2019-10-14 09:15 - 2019-10-14 09:15 - 000005410 _____ C:\Users\Administrador 1\Desktop\cc_20191014_091502.reg
2019-10-14 09:11 - 2019-10-14 09:11 - 000003247 _____ C:\Users\Administrador 1\Desktop\ZHPCleaner (R).txt
2019-10-14 09:07 - 2019-10-14 09:07 - 000003477 _____ C:\Users\Administrador 1\Desktop\ZHPCleaner (S).txt
2019-10-14 08:57 - 2019-10-14 09:13 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\ZHP
2019-10-14 08:57 - 2019-10-14 08:57 - 000000898 _____ C:\Users\Administrador 1\Desktop\ZHPCleaner.lnk
2019-10-14 08:57 - 2019-10-14 08:57 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\ZHP
2019-10-14 08:56 - 2019-10-14 08:56 - 003335552 _____ (Nicolas Coolman) C:\Users\Administrador 1\Desktop\ZHPCleaner.exe
2019-10-14 08:42 - 2019-10-14 08:42 - 000004867 _____ C:\Users\Administrador 1\Desktop\AdwCleaner[C00].txt
2019-10-14 08:39 - 2019-10-14 08:39 - 000008454 _____ C:\Users\Administrador 1\Desktop\AdwCleaner[S00].txt
2019-10-14 08:38 - 2019-10-14 08:40 - 000000000 ____D C:\AdwCleaner
2019-10-14 08:36 - 2019-10-14 08:36 - 000003200 _____ C:\Users\Administrador 1\Desktop\dfg.txt
2019-10-13 19:10 - 2019-10-13 19:11 - 007636680 _____ (Malwarebytes) C:\Users\Administrador 1\Desktop\adwcleaner_7.4.1.exe
2019-10-13 17:50 - 2019-10-02 07:04 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-10-13 17:50 - 2019-10-02 06:47 - 006564368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-13 17:50 - 2019-10-02 06:40 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-13 17:50 - 2019-10-02 06:32 - 022735872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-13 17:50 - 2019-09-10 09:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-10-13 17:49 - 2019-10-06 03:43 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-10-13 17:49 - 2019-10-06 03:43 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-10-13 17:49 - 2019-10-02 13:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-10-13 17:49 - 2019-10-02 13:10 - 004527072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-10-13 17:49 - 2019-10-02 13:10 - 001640376 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-10-13 17:49 - 2019-10-02 13:10 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-10-13 17:49 - 2019-10-02 13:08 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-10-13 17:49 - 2019-10-02 13:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-10-13 17:49 - 2019-10-02 12:53 - 004852736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-10-13 17:49 - 2019-10-02 12:52 - 012835840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-13 17:49 - 2019-10-02 12:52 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-13 17:49 - 2019-10-02 12:50 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-10-13 17:49 - 2019-10-02 12:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-10-13 17:49 - 2019-10-02 12:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-13 17:49 - 2019-10-02 12:47 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-10-13 17:49 - 2019-10-02 12:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-10-13 17:49 - 2019-10-02 12:47 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-10-13 17:49 - 2019-10-02 12:46 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-10-13 17:49 - 2019-10-02 12:46 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-10-13 17:49 - 2019-10-02 12:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-10-13 17:49 - 2019-10-02 10:56 - 001628488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-10-13 17:49 - 2019-10-02 10:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-10-13 17:49 - 2019-10-02 10:52 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-10-13 17:49 - 2019-10-02 10:46 - 012037120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-10-13 17:49 - 2019-10-02 10:44 - 007991296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-13 17:49 - 2019-10-02 10:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-10-13 17:49 - 2019-10-02 10:41 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-10-13 17:49 - 2019-10-02 10:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-10-13 17:49 - 2019-10-02 07:21 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2019-10-13 17:49 - 2019-10-02 07:20 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2019-10-13 17:49 - 2019-10-02 07:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-10-13 17:49 - 2019-10-02 07:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-10-13 17:49 - 2019-10-02 07:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-10-13 17:49 - 2019-10-02 07:04 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-10-13 17:49 - 2019-10-02 07:04 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-10-13 17:49 - 2019-10-02 07:04 - 000494096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-10-13 17:49 - 2019-10-02 07:03 - 000778024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-10-13 17:49 - 2019-10-02 07:02 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-10-13 17:49 - 2019-10-02 07:02 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-10-13 17:49 - 2019-10-02 07:02 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-10-13 17:49 - 2019-10-02 07:02 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-10-13 17:49 - 2019-10-02 07:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2019-10-13 17:49 - 2019-10-02 07:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-10-13 17:49 - 2019-10-02 07:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 000439504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-10-13 17:49 - 2019-10-02 07:01 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-10-13 17:49 - 2019-10-02 07:00 - 009080632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-10-13 17:49 - 2019-10-02 07:00 - 002570824 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-10-13 17:49 - 2019-10-02 07:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-10-13 17:49 - 2019-10-02 07:00 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-10-13 17:49 - 2019-10-02 07:00 - 000209936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-10-13 17:49 - 2019-10-02 06:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-10-13 17:49 - 2019-10-02 06:59 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-13 17:49 - 2019-10-02 06:59 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-10-13 17:49 - 2019-10-02 06:59 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-10-13 17:49 - 2019-10-02 06:59 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-10-13 17:49 - 2019-10-02 06:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-10-13 17:49 - 2019-10-02 06:59 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-10-13 17:49 - 2019-10-02 06:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-10-13 17:49 - 2019-10-02 06:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-10-13 17:49 - 2019-10-02 06:49 - 000434728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-10-13 17:49 - 2019-10-02 06:49 - 000385000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-10-13 17:49 - 2019-10-02 06:49 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-10-13 17:49 - 2019-10-02 06:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-10-13 17:49 - 2019-10-02 06:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-10-13 17:49 - 2019-10-02 06:48 - 000666248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-10-13 17:49 - 2019-10-02 06:48 - 000380216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 001979752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-10-13 17:49 - 2019-10-02 06:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-10-13 17:49 - 2019-10-02 06:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-10-13 17:49 - 2019-10-02 06:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-13 17:49 - 2019-10-02 06:32 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-10-13 17:49 - 2019-10-02 06:31 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-10-13 17:49 - 2019-10-02 06:31 - 004388864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-13 17:49 - 2019-10-02 06:30 - 019385856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-13 17:49 - 2019-10-02 06:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-10-13 17:49 - 2019-10-02 06:29 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-10-13 17:49 - 2019-10-02 06:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-10-13 17:49 - 2019-10-02 06:28 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-10-13 17:49 - 2019-10-02 06:28 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-10-13 17:49 - 2019-10-02 06:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2019-10-13 17:49 - 2019-10-02 06:28 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-13 17:49 - 2019-10-02 06:27 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-13 17:49 - 2019-10-02 06:27 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-13 17:49 - 2019-10-02 06:27 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-10-13 17:49 - 2019-10-02 06:26 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-10-13 17:49 - 2019-10-02 06:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-10-13 17:49 - 2019-10-02 06:25 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-10-13 17:49 - 2019-10-02 06:24 - 002379264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-13 17:49 - 2019-10-02 06:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-10-13 17:49 - 2019-10-02 06:24 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-10-13 17:49 - 2019-10-02 06:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-10-13 17:49 - 2019-10-02 06:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-10-13 17:49 - 2019-10-02 06:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-10-13 17:49 - 2019-10-02 06:23 - 002166272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-10-13 17:49 - 2019-10-02 06:23 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-10-13 17:49 - 2019-10-02 06:23 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-10-13 17:49 - 2019-10-02 06:23 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-10-13 17:49 - 2019-10-02 06:22 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-10-13 17:49 - 2019-10-02 06:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-10-13 17:49 - 2019-10-02 06:22 - 000545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-10-13 17:49 - 2019-10-02 06:22 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-10-13 17:49 - 2019-10-02 06:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-10-13 17:49 - 2019-10-02 06:22 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-10-13 17:49 - 2019-09-10 09:16 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-10-13 17:49 - 2019-09-10 03:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-10-13 17:49 - 2019-08-13 16:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-10-13 17:49 - 2019-07-09 05:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-10-13 17:48 - 2019-10-02 12:53 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-10-13 17:48 - 2019-10-02 12:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-10-13 17:48 - 2019-10-02 12:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-10-13 17:48 - 2019-10-02 12:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2019-10-13 17:48 - 2019-10-02 12:48 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-10-13 17:48 - 2019-10-02 12:46 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-10-13 17:48 - 2019-10-02 12:45 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-10-13 17:48 - 2019-10-02 12:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-10-13 17:48 - 2019-10-02 10:42 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-10-13 17:48 - 2019-10-02 10:41 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-10-13 17:48 - 2019-10-02 07:03 - 000193040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-13 17:48 - 2019-10-02 07:01 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-10-13 17:48 - 2019-10-02 07:00 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-10-13 17:48 - 2019-10-02 07:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-10-13 17:48 - 2019-10-02 06:49 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-10-13 17:48 - 2019-10-02 06:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-10-13 17:48 - 2019-10-02 06:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-10-13 17:48 - 2019-10-02 06:29 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-10-13 17:48 - 2019-10-02 06:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-10-13 17:48 - 2019-10-02 06:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-10-13 17:48 - 2019-10-02 06:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2019-10-13 17:48 - 2019-10-02 06:28 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-10-13 17:48 - 2019-10-02 06:28 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-10-13 17:48 - 2019-10-02 06:27 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-10-13 17:48 - 2019-10-02 06:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2019-10-13 17:48 - 2019-10-02 06:26 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-10-13 17:48 - 2019-10-02 06:26 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-10-13 17:48 - 2019-10-02 06:26 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-10-13 17:48 - 2019-10-02 06:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-10-13 17:48 - 2019-10-02 06:25 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-10-13 17:48 - 2019-10-02 06:25 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-10-13 17:48 - 2019-10-02 06:25 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-10-13 17:48 - 2019-10-02 06:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2019-10-13 17:48 - 2019-10-02 06:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2019-10-13 17:48 - 2019-10-02 06:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-10-13 17:48 - 2019-10-02 06:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-10-13 17:48 - 2019-10-02 06:23 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-10-13 17:48 - 2019-10-02 06:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-10-13 17:48 - 2019-10-02 06:22 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-10-13 17:48 - 2019-10-02 06:22 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-10-13 17:48 - 2019-10-02 06:22 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-10-13 17:48 - 2019-10-02 05:05 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-10-13 17:48 - 2019-09-19 09:02 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-10-13 17:48 - 2019-09-10 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-10-13 17:48 - 2019-09-10 03:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-10-13 17:39 - 2019-03-28 11:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-10-13 17:39 - 2019-03-28 08:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-10-13 17:39 - 2019-03-28 08:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-10-13 17:39 - 2019-03-28 08:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-10-13 17:39 - 2019-03-28 08:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-10-13 17:38 - 2019-03-28 11:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-10-13 17:38 - 2019-03-28 11:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-10-13 17:38 - 2019-03-28 11:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-10-13 17:38 - 2019-03-28 08:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-10-13 17:38 - 2019-03-28 08:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-10-13 17:09 - 2019-10-20 23:30 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-10-13 17:09 - 2019-10-20 23:30 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-10-13 17:09 - 2019-10-15 23:09 - 000000000 ____D C:\Program Files\CCleaner
2019-10-13 17:09 - 2019-10-13 17:09 - 000000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-10-13 17:02 - 2019-10-13 17:03 - 025441808 _____ (Piriform Software Ltd) C:\Users\Administrador 1\Desktop\ccsetup562.exe
2019-10-13 15:09 - 2019-10-13 15:09 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\mbam
2019-10-13 15:08 - 2019-10-13 15:08 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\mbamtray
2019-10-13 15:06 - 2019-10-13 15:06 - 000001931 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-13 15:06 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-10-13 15:05 - 2019-10-16 03:17 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-10-13 15:05 - 2019-10-13 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-13 15:05 - 2019-10-13 15:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-13 15:05 - 2019-10-13 15:05 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-11 23:35 - 2019-10-11 23:35 - 068944013 _____ C:\Users\Administrador 1\Downloads\Artico [1080p][Castellano][wWw.EliteTorrent.IO].rar
2019-10-07 22:54 - 2019-10-11 23:46 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
2019-10-07 22:50 - 2019-10-12 07:46 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-10-07 22:49 - 2019-10-07 22:49 - 000000000 ____D C:\ProgramData\{56F76ACB-7EDF-12B3-2687-3A9BCE6FE243}
2019-10-07 22:48 - 2019-10-07 22:48 - 006685656 _____ (Glarysoft Ltd ) C:\Users\Administrador 1\Downloads\glary_utilities_pro.exe
2019-10-06 15:09 - 2019-10-06 15:34 - 2723405824 ____R C:\Users\Administrador 1\Downloads\Dragged Across Concrete [BluRay RIP][AC3 2.0 Castellano][2019].avi
2019-10-06 15:09 - 2019-10-06 15:09 - 000107815 _____ C:\Users\Administrador 1\Desktop\Dragged_Across_Concrete.torrent
2019-10-06 14:53 - 2019-10-06 14:53 - 000000000 ____D C:\Users\Administrador 1\Downloads\El Hijo [1080p][Castellano][wWw.EliteTorrent.IO]
2019-10-06 14:52 - 2019-10-06 14:53 - 000011620 _____ C:\Users\Administrador 1\Desktop\El_Hijo_1080p_Castellano.torrent
2019-10-05 00:06 - 2019-10-05 00:06 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-10-04 23:54 - 2019-10-20 14:39 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-10-04 23:52 - 2019-10-03 22:55 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-10-04 23:08 - 2019-09-13 13:02 - 004040008 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-10-04 23:08 - 2019-09-13 12:57 - 021409376 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-10-04 23:08 - 2019-09-13 12:47 - 006588416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-10-04 23:08 - 2019-09-13 12:40 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-10-04 23:08 - 2019-09-13 11:15 - 020400656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-10-04 23:08 - 2019-09-13 11:15 - 003701184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-10-04 23:08 - 2019-09-13 11:00 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-10-04 23:08 - 2019-09-13 06:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-10-04 23:08 - 2019-09-13 06:49 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-10-04 23:08 - 2019-09-13 06:48 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-10-04 23:08 - 2019-09-13 06:47 - 007445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-10-04 23:08 - 2019-09-13 06:35 - 006052272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-10-04 23:08 - 2019-09-13 06:27 - 016598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-04 23:08 - 2019-09-13 06:24 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-04 23:07 - 2019-09-13 13:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-10-04 23:07 - 2019-09-13 12:57 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-10-04 23:07 - 2019-09-13 12:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-10-04 23:07 - 2019-09-13 12:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-10-04 23:07 - 2019-09-13 12:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-10-04 23:07 - 2019-09-13 12:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-10-04 23:07 - 2019-09-13 12:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-10-04 23:07 - 2019-09-13 12:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-10-04 23:07 - 2019-09-13 12:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-10-04 23:07 - 2019-09-13 12:40 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-10-04 23:07 - 2019-09-13 12:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-10-04 23:07 - 2019-09-13 12:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-10-04 23:07 - 2019-09-13 12:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-10-04 23:07 - 2019-09-13 12:40 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2019-10-04 23:07 - 2019-09-13 12:39 - 002085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-10-04 23:07 - 2019-09-13 12:39 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-10-04 23:07 - 2019-09-13 12:39 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-10-04 23:07 - 2019-09-13 11:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-10-04 23:07 - 2019-09-13 11:17 - 001026280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-10-04 23:07 - 2019-09-13 11:16 - 001320128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-10-04 23:07 - 2019-09-13 11:05 - 005659136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-10-04 23:07 - 2019-09-13 11:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-10-04 23:07 - 2019-09-13 11:01 - 000622592 _____ (Microsoft Corporation) 

PART 3 OF THE FRST

2019-10-04 23:07 - 2019-09-13 11:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-10-04 23:07 - 2019-09-13 10:59 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-10-04 23:07 - 2019-09-13 06:58 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-10-04 23:07 - 2019-09-13 06:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-10-04 23:07 - 2019-09-13 06:56 - 001299472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-10-04 23:07 - 2019-09-13 06:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-10-04 23:07 - 2019-09-13 06:48 - 001659704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-10-04 23:07 - 2019-09-13 06:48 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-10-04 23:07 - 2019-09-13 06:48 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-10-04 23:07 - 2019-09-13 06:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-10-04 23:07 - 2019-09-13 06:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-10-04 23:07 - 2019-09-13 06:47 - 001947168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-10-04 23:07 - 2019-09-13 06:47 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-10-04 23:07 - 2019-09-13 06:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-10-04 23:07 - 2019-09-13 06:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-10-04 23:07 - 2019-09-13 06:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-10-04 23:07 - 2019-09-13 06:36 - 002478152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-10-04 23:07 - 2019-09-13 06:36 - 001252152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-10-04 23:07 - 2019-09-13 06:35 - 001559272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-10-04 23:07 - 2019-09-13 06:23 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-10-04 23:07 - 2019-09-13 06:21 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-04 23:07 - 2019-09-13 06:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-10-04 23:07 - 2019-09-13 06:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-10-04 23:07 - 2019-09-13 06:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2019-10-04 23:07 - 2019-09-13 06:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-10-04 23:07 - 2019-09-13 06:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-10-04 23:07 - 2019-09-13 06:20 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-04 23:07 - 2019-09-13 06:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-10-04 23:07 - 2019-09-13 06:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-10-04 23:07 - 2019-09-13 06:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-10-04 23:07 - 2019-09-13 06:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-10-04 23:07 - 2019-09-13 06:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-10-04 23:07 - 2019-09-13 06:17 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2019-10-04 23:07 - 2019-09-13 06:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-10-04 23:07 - 2019-09-13 06:17 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-10-04 23:07 - 2019-09-13 06:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2019-10-04 23:07 - 2019-09-13 06:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-10-04 23:07 - 2019-09-13 06:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-10-04 23:07 - 2019-09-13 06:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-10-04 23:07 - 2019-09-13 06:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2019-10-04 23:07 - 2019-09-13 06:15 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 001222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-10-04 23:07 - 2019-09-13 06:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-10-04 23:07 - 2019-09-13 06:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-10-04 23:07 - 2019-09-13 06:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-10-04 23:07 - 2019-09-13 06:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-10-04 23:07 - 2019-09-13 06:12 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-10-04 23:07 - 2019-09-13 06:12 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-10-04 23:07 - 2019-09-13 06:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2019-10-03 23:00 - 2019-10-03 23:00 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-10-03 23:00 - 2019-10-03 23:00 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000171520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-10-03 22:56 - 2019-10-03 22:55 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-09-29 23:36 - 2019-09-04 12:16 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-09-29 23:36 - 2019-09-04 12:16 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-09-29 23:36 - 2019-09-04 07:19 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-09-29 23:36 - 2019-09-04 06:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-09-29 23:36 - 2019-09-04 06:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-09-29 23:36 - 2019-09-04 06:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-09-29 23:36 - 2019-08-13 06:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-09-29 23:36 - 2019-07-09 09:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-09-29 23:35 - 2019-09-04 12:16 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-09-29 23:35 - 2019-09-04 12:16 - 000810808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-09-29 23:35 - 2019-09-04 12:16 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-09-29 23:35 - 2019-09-04 12:15 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-09-29 23:35 - 2019-09-04 12:15 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-09-29 23:35 - 2019-09-04 12:15 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-09-29 23:35 - 2019-09-04 12:15 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-09-29 23:35 - 2019-09-04 12:06 - 000541200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-09-29 23:35 - 2019-09-04 12:06 - 000402016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2019-09-29 23:35 - 2019-09-04 12:01 - 000790936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-09-29 23:35 - 2019-09-04 12:01 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-09-29 23:35 - 2019-09-04 12:00 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-09-29 23:35 - 2019-09-04 11:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-09-29 23:35 - 2019-09-04 11:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-09-29 23:35 - 2019-09-04 11:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-09-29 23:35 - 2019-09-04 10:52 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-09-29 23:35 - 2019-09-04 10:51 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-09-29 23:35 - 2019-09-04 10:51 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2019-09-29 23:35 - 2019-09-04 10:50 - 000356896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2019-09-29 23:35 - 2019-09-04 07:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-09-29 23:35 - 2019-09-04 07:19 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-09-29 23:35 - 2019-09-04 07:19 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-09-29 23:35 - 2019-09-04 07:15 - 000500744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-09-29 23:35 - 2019-09-04 07:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-09-29 23:35 - 2019-09-04 07:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-09-29 23:35 - 2019-09-04 07:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-09-29 23:35 - 2019-09-04 07:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-09-29 23:35 - 2019-09-04 07:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2019-09-29 23:35 - 2019-09-04 07:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-09-29 23:35 - 2019-09-04 07:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-09-29 23:35 - 2019-09-04 07:13 - 000692352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-09-29 23:35 - 2019-09-04 07:13 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-09-29 23:35 - 2019-09-04 07:13 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-09-29 23:35 - 2019-09-04 07:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-09-29 23:35 - 2019-09-04 07:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-09-29 23:35 - 2019-09-04 07:10 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-09-29 23:35 - 2019-09-04 07:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-09-29 23:35 - 2019-09-04 07:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-09-29 23:35 - 2019-09-04 07:03 - 000538192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-09-29 23:35 - 2019-09-04 07:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-09-29 23:35 - 2019-09-04 07:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-09-29 23:35 - 2019-09-04 06:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-09-29 23:35 - 2019-09-04 06:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-09-29 23:35 - 2019-09-04 06:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-09-29 23:35 - 2019-09-04 06:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-09-29 23:35 - 2019-09-04 06:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-09-29 23:35 - 2019-09-04 06:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-09-29 23:35 - 2019-09-04 06:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2019-09-29 23:35 - 2019-09-04 06:43 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-09-29 23:35 - 2019-09-04 06:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-09-29 23:35 - 2019-09-04 06:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-09-29 23:35 - 2019-09-04 06:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-09-29 23:35 - 2019-09-04 06:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-09-29 23:35 - 2019-09-04 06:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-09-29 23:35 - 2019-09-04 06:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-09-29 23:35 - 2019-09-04 06:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-09-29 23:35 - 2019-09-04 06:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-09-29 23:35 - 2019-09-04 06:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-09-29 23:35 - 2019-09-04 06:40 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-09-29 23:35 - 2019-09-04 06:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-09-29 23:35 - 2019-09-04 06:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-09-29 23:35 - 2019-09-04 06:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2019-09-29 23:35 - 2019-09-04 06:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-09-29 23:35 - 2019-09-04 06:39 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-09-29 23:35 - 2019-09-04 06:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-09-29 23:35 - 2019-09-04 06:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2019-09-29 23:35 - 2019-08-16 00:55 - 000786072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-09-29 23:35 - 2019-08-16 00:55 - 000604000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-09-29 23:35 - 2019-08-13 20:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-09-29 23:35 - 2019-08-13 20:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-09-29 23:35 - 2019-08-13 20:20 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-09-29 23:35 - 2019-08-13 20:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-09-29 23:35 - 2019-08-13 20:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2019-09-29 23:35 - 2019-08-13 17:06 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-09-29 23:35 - 2019-08-13 17:04 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-09-29 23:35 - 2019-08-13 17:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-09-29 23:35 - 2019-08-13 16:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-09-29 23:35 - 2019-08-13 16:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2019-09-29 23:35 - 2019-08-13 16:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-09-29 23:35 - 2019-08-13 12:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-09-29 23:35 - 2019-08-13 12:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-09-29 23:35 - 2019-08-13 12:08 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-09-29 23:35 - 2019-08-13 11:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-09-29 23:35 - 2019-08-13 11:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-09-29 23:35 - 2019-08-13 11:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-09-29 23:35 - 2019-08-13 11:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2019-09-29 23:35 - 2019-08-13 11:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-09-29 23:35 - 2019-08-13 06:54 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-09-29 23:35 - 2019-08-13 06:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-09-29 23:35 - 2019-08-13 06:46 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-09-29 23:35 - 2019-08-13 06:45 - 002718736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-09-29 23:35 - 2019-08-13 06:44 - 002161288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-09-29 23:35 - 2019-08-13 06:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-09-29 23:35 - 2019-08-13 06:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-09-29 23:35 - 2019-08-13 06:15 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-09-29 23:35 - 2019-08-13 06:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-09-29 23:35 - 2019-08-13 06:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2019-09-29 23:35 - 2019-08-13 06:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2019-09-29 23:35 - 2019-08-13 06:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2019-09-29 23:35 - 2019-08-13 06:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-09-29 23:35 - 2019-08-13 04:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2019-09-29 23:35 - 2019-08-13 04:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-09-29 23:35 - 2019-08-13 04:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls
2019-09-29 23:35 - 2019-08-13 02:57 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-09-29 23:35 - 2019-08-13 02:57 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-09-29 23:35 - 2019-08-07 14:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-09-29 23:35 - 2019-08-07 14:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-09-29 23:35 - 2019-08-07 14:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-09-29 23:35 - 2019-08-07 14:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-09-29 23:35 - 2019-08-07 14:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-09-29 23:35 - 2019-08-07 14:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-09-29 23:35 - 2019-08-07 14:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-09-29 23:35 - 2019-08-07 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-09-29 23:35 - 2019-08-07 14:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-09-29 23:35 - 2019-08-07 14:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-09-29 23:35 - 2019-08-07 14:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-09-29 23:35 - 2019-08-07 10:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-09-29 23:35 - 2019-08-07 10:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-09-29 23:35 - 2019-08-07 10:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-09-29 23:35 - 2019-08-07 10:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-09-29 23:35 - 2019-08-07 10:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-09-29 23:35 - 2019-08-07 10:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-09-29 23:35 - 2019-08-07 10:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-09-29 23:35 - 2019-08-07 10:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-09-29 23:35 - 2019-08-07 10:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-09-29 23:35 - 2019-08-07 10:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-09-29 23:35 - 2019-08-07 10:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-09-29 23:35 - 2019-08-07 09:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-09-29 23:35 - 2019-08-07 09:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-09-29 23:35 - 2019-08-07 09:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-09-29 23:35 - 2019-08-07 09:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-09-29 23:35 - 2019-08-07 09:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-09-29 23:35 - 2019-08-07 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-09-29 23:35 - 2019-08-07 09:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-09-29 23:35 - 2019-08-07 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-09-29 23:35 - 2019-08-07 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-09-29 23:35 - 2019-08-07 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-09-29 23:35 - 2019-08-07 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-09-29 23:35 - 2019-08-07 09:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-09-29 23:35 - 2019-08-07 09:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-09-29 23:35 - 2019-08-07 09:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-09-29 23:35 - 2019-08-07 09:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-09-29 23:35 - 2019-08-07 09:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-09-29 23:35 - 2019-08-07 09:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-09-29 23:35 - 2019-08-07 09:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-09-29 23:35 - 2019-08-07 09:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-09-29 23:35 - 2019-08-07 09:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-09-29 23:35 - 2019-08-07 09:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-09-29 23:35 - 2019-08-07 09:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-09-29 23:35 - 2019-08-07 09:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-09-29 23:35 - 2019-08-07 09:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-09-29 23:35 - 2019-08-07 09:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-09-29 23:35 - 2019-08-07 09:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-09-29 23:35 - 2019-08-07 09:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-09-29 23:35 - 2019-08-07 09:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-09-29 23:35 - 2019-08-07 09:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-09-29 23:35 - 2019-08-07 09:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-09-29 23:35 - 2019-08-07 09:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-09-29 23:35 - 2019-07-11 03:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-09-29 23:35 - 2019-07-09 10:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-09-29 23:35 - 2019-07-09 09:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-09-29 23:35 - 2019-07-09 09:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-09-29 23:35 - 2019-07-09 09:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-09-29 23:35 - 2019-07-09 08:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-09-29 23:35 - 2019-07-09 05:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-09-29 23:35 - 2019-07-09 05:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-09-29 23:35 - 2019-07-09 05:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-09-29 23:35 - 2019-07-09 05:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-09-29 23:35 - 2019-07-09 05:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-09-29 23:35 - 2019-07-09 05:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-09-29 23:35 - 2019-07-09 05:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-09-29 23:35 - 2019-07-09 05:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-09-29 23:35 - 2019-07-09 05:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-09-29 23:35 - 2019-07-09 05:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-09-29 23:35 - 2019-07-09 05:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-09-29 23:35 - 2019-07-09 05:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-09-29 23:35 - 2019-07-09 05:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-09-29 23:35 - 2019-07-09 05:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-09-29 23:35 - 2019-07-09 05:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-09-29 23:35 - 2019-07-09 04:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-09-29 23:35 - 2019-07-09 04:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-09-29 23:35 - 2019-07-09 04:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-09-29 23:35 - 2019-07-09 04:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-09-29 23:35 - 2019-07-09 04:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-09-29 23:35 - 2019-07-09 04:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-09-29 23:35 - 2019-07-09 04:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-09-29 23:35 - 2019-07-09 04:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-09-29 23:35 - 2019-07-09 04:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-09-29 23:35 - 2019-07-09 04:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-09-29 23:35 - 2019-07-09 04:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-09-29 23:35 - 2019-07-09 04:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-09-29 23:35 - 2019-07-09 04:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-09-29 23:35 - 2019-07-09 04:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-09-29 23:35 - 2019-07-09 04:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-09-29 23:35 - 2019-07-09 04:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-09-29 23:35 - 2019-07-09 04:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-09-29 23:35 - 2019-07-09 04:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-09-29 23:35 - 2019-07-09 04:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-09-29 23:35 - 2019-07-09 04:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-09-29 23:34 - 2019-09-04 11:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-09-29 23:34 - 2019-09-04 06:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-09-29 23:34 - 2019-09-04 06:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2019-09-29 23:34 - 2019-09-04 06:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-09-29 23:34 - 2019-09-04 06:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-09-29 23:34 - 2019-09-04 06:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-09-29 23:34 - 2019-09-04 06:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-09-29 23:34 - 2019-08-13 16:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2019-09-29 23:34 - 2019-08-13 16:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2019-09-29 23:34 - 2019-08-13 16:42 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-09-29 23:34 - 2019-08-13 06:12 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-09-29 23:34 - 2019-08-13 06:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2019-09-29 23:34 - 2019-08-13 06:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-09-29 23:34 - 2019-08-13 06:08 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-09-29 23:34 - 2019-08-13 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-09-29 23:34 - 2019-08-07 14:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-09-29 23:34 - 2019-08-07 14:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-09-29 23:34 - 2019-08-07 14:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-09-29 23:34 - 2019-08-07 14:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-09-29 23:34 - 2019-08-07 09:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-09-29 23:34 - 2019-08-07 09:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-09-29 23:34 - 2019-08-07 09:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-09-29 23:34 - 2019-08-07 09:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-09-29 23:34 - 2019-08-07 09:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-09-29 23:34 - 2019-08-07 09:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-09-29 23:34 - 2019-07-09 09:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-09-29 23:34 - 2019-07-09 09:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-09-29 23:34 - 2019-07-09 09:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-09-29 23:34 - 2019-07-09 09:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-09-29 23:34 - 2019-07-09 08:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-09-29 23:34 - 2019-07-09 04:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-09-29 23:34 - 2019-07-09 04:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-09-29 23:34 - 2019-07-09 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-09-29 23:34 - 2019-07-09 04:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-09-29 23:34 - 2019-07-09 04:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-09-29 23:34 - 2019-07-09 04:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-09-29 23:34 - 2019-07-09 04:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-09-29 23:34 - 2019-07-09 04:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-09-29 23:34 - 2019-07-09 04:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-09-29 23:34 - 2019-07-09 04:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-09-29 23:34 - 2019-06-20 04:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-09-29 23:09 - 2019-10-13 14:44 - 000000000 ____D C:\Users\Administrador 1\AppData\LocalLow\uTorrent
2019-09-29 13:38 - 2019-09-29 16:22 - 000000000 ____D C:\Users\Administrador 1\Downloads\Keepers [BluRay Rip][AC3 5.1 Castellano][2019][www.descargas2020.ORG][www.pctnew.ORG]
2019-09-26 21:11 - 2019-10-13 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-09-26 21:11 - 2019-09-26 21:11 - 000001402 _____ C:\Users\Public\Desktop\Skype.lnk
2019-09-21 16:37 - 2019-09-21 18:00 - 000000000 ____D C:\WINDOWS\UpdateAssistant
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-21 17:05 - 2018-07-25 22:47 - 000004224 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7FEA9ADD-1497-4516-BC45-BE58EEC47E3B}
2019-10-21 17:05 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-21 16:57 - 2018-07-20 21:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-20 23:30 - 2018-07-22 17:00 - 000003550 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-20 23:30 - 2018-07-22 17:00 - 000003326 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-20 23:30 - 2018-07-22 17:00 - 000002752 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2524779702-1519077474-4215319357-1001
2019-10-20 23:30 - 2018-07-22 17:00 - 000002548 _____ C:\WINDOWS\system32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B}
2019-10-20 23:30 - 2018-07-22 17:00 - 000002400 _____ C:\WINDOWS\system32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}
2019-10-20 23:30 - 2018-07-22 17:00 - 000002320 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2524779702-1519077474-4215319357-500
2019-10-20 23:30 - 2018-07-22 17:00 - 000002268 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrador_1
2019-10-20 23:30 - 2018-07-22 17:00 - 000002060 _____ C:\WINDOWS\system32\Tasks\PDVDServ Task
2019-10-20 23:30 - 2018-07-22 17:00 - 000002048 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2019-10-20 23:30 - 2018-07-22 17:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2019-10-20 23:30 - 2017-03-10 22:44 - 000000314 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrador_1.job
2019-10-19 21:00 - 2018-07-22 16:32 - 000000000 ____D C:\Users\Administrador 1
2019-10-19 21:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-19 21:00 - 2016-01-19 00:57 - 000000000 __SHD C:\Users\Administrador 1\IntelGraphicsProfiles
2019-10-19 20:55 - 2018-07-22 17:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-18 23:20 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-17 23:50 - 2018-07-22 16:44 - 001772030 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-17 23:50 - 2018-04-12 18:18 - 000788782 _____ C:\WINDOWS\system32\perfh00A.dat
2019-10-17 23:50 - 2018-04-12 18:18 - 000155876 _____ C:\WINDOWS\system32\perfc00A.dat
2019-10-17 23:50 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-10-15 23:23 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-15 23:08 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-10-15 22:52 - 2015-11-26 23:41 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\Adobe
2019-10-15 22:25 - 2015-11-27 00:18 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-15 22:25 - 2015-11-27 00:18 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-14 09:12 - 2017-03-10 22:24 - 000000000 ____D C:\ProgramData\IObit
2019-10-14 08:40 - 2017-03-10 22:26 - 000000000 ____D C:\Users\Administrador 1\AppData\LocalLow\IObit
2019-10-14 08:40 - 2017-03-10 22:25 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\IObit
2019-10-14 08:22 - 2018-07-20 21:24 - 000412544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-10-14 08:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-10-14 08:16 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-10-13 17:14 - 2015-12-13 20:20 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\uTorrent
2019-10-13 17:13 - 2018-06-29 00:35 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-13 17:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-13 17:13 - 2016-08-19 00:07 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\CrashDumps
2019-10-13 15:23 - 2018-07-22 16:32 - 000000000 ____D C:\Users\Administrator
2019-10-13 15:06 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-12 07:47 - 2018-02-18 23:51 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\Packages
2019-10-12 07:43 - 2018-10-25 20:10 - 000000000 ____D C:\Program Files\WinRAR
2019-10-09 22:35 - 2016-01-01 21:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-09 20:44 - 2016-01-01 21:35 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-07 23:03 - 2015-12-24 21:26 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\GlarySoft
2019-10-07 22:03 - 2015-11-27 00:16 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-05 16:51 - 2017-11-04 22:29 - 000000000 ___RD C:\Users\Administrador 1\3D Objects
2019-10-05 16:51 - 2015-01-15 04:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-05 16:46 - 2015-11-26 23:46 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\PackageStaging
2019-10-05 00:12 - 2017-03-12 21:15 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-10-05 00:12 - 2017-03-12 21:15 - 000002087 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-10-03 22:56 - 2015-11-27 00:43 - 000000000 ____D C:\ProgramData\AVAST Software
2019-09-30 20:01 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-09-30 20:01 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-09-30 20:00 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-09-30 20:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-09-30 20:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-09-30 20:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-09-29 23:07 - 2019-03-19 14:34 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-29 21:09 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-29 21:01 - 2018-07-22 16:58 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2019-09-29 21:01 - 2018-07-22 16:58 - 000024768 _____ C:\WINDOWS\diagerr.xml
2019-09-29 20:57 - 2016-09-06 22:53 - 000000000 ____D C:\Users\Administrador 1\AppData\Local\AVAST Software
2019-09-26 21:12 - 2015-11-26 23:51 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\Skype
2019-09-24 23:35 - 2015-12-30 21:08 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\Nitro PDF
2019-09-24 23:03 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration

==================== Files in the root of some directories ================

2015-11-26 23:50 - 2015-12-27 20:02 - 000001880 _____ () C:\Users\Administrador 1\AppData\Roaming\AbsoluteReminder.xml
2016-03-20 21:57 - 2016-04-17 19:57 - 000000137 _____ () C:\Users\Administrador 1\AppData\Roaming\WB.CFG
2016-07-30 21:59 - 2016-07-30 21:59 - 000000036 _____ () C:\Users\Administrador 1\AppData\Local\housecall.guid.cache

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================````

Now the Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019
Ran by Administrador 1 (21-10-2019 17:06:22)
Running from C:\Users\Administrador 1\Desktop
Windows 10 Home Version 1803 17134.1069 (X64) (2018-07-22 15:02:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2524779702-1519077474-4215319357-500 - Administrator - Disabled) => C:\Users\Administrator
Administrador 1 (S-1-5-21-2524779702-1519077474-4215319357-1003 - Administrator - Enabled) => C:\Users\Administrador 1
DefaultAccount (S-1-5-21-2524779702-1519077474-4215319357-503 - Limited - Disabled)
Invitado (S-1-5-21-2524779702-1519077474-4215319357-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2524779702-1519077474-4215319357-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 1.10.8.0 - Lenovo Group Limited)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Security Suite (HKLM-x32\...\{184F6D30-2A4C-4BDD-85FF-BE4ABBB4232C}) (Version: 1.0.1.15 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.42 - Nombre de su organización) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.42 - Nombre de su organización)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{58D922F3-9C4A-4F2E-B338-72AD6A748CA7}) (Version: 9.0.5.9 - Nitro)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Skype versión 8.53 (HKLM-x32\...\Skype_is1) (Version: 8.53 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) [MS Ad]
Hightail for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.HighTailForLenovo_1.3.0.1278_neutral__069rkrpjefrbc [2016-01-20] (Hightail)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-28] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Phone Companion -> C:\Program Files\WindowsApps\E0469640.DeviceCollaboration_2.0.0.9_x64__5grkq8ppsgwt4 [2015-08-02] (LENOVO INC)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-08-02] (CYBERLINK COM CORPORATION)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-10] (Microsoft Corporation)
Traductor -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation)
txtr ebooks Lenovo Edition -> C:\Program Files\WindowsApps\txtr.txtrReaderLenovoEdition_1.1.13.12_x86__g057jjhb9dtk6 [2016-01-20] (txtr)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Codecs (Whitelisted) ==================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 21:18 - 2013-08-30 21:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2014-10-15 15:33 - 2014-10-15 15:33 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-01-11 23:22 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts


2016-11-01 20:24 - 2019-04-07 20:40 - 000000438 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170001502\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170001906\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-2524779702-1519077474-4215319357-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2524779702-1519077474-4215319357-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170003557\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6745F7DD-058D-4C9F-A353-B61B2FEE2733}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [{50DE06BF-F00C-4694-AF04-87A8777BF78E}] => (Allow) LPort=55100
FirewallRules: [{8BFDEB6D-767D-42C0-98D1-35C00CC99A5A}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D2C03D87-E388-4EB1-A862-C044EEC7D776}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E372AD7B-E707-4D88-82AB-567B4FEE56DD}] => (Allow) C:\Users\Administrador 1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D2B7FF3A-55CE-4B28-A290-4463016192D1}] => (Allow) C:\Users\Administrador 1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{61138917-0F14-4045-A16F-8334AE757CA7}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2C8FABB2-3162-428D-A61E-E84002A799EC}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{46249026-BB67-478E-BDC2-A3A9FF13F00F}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{CFED9981-BF91-4E90-9ECC-A36B2D423F78}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0ED3FD1-CAD5-45F0-9F52-B3E1D9DA5CC8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{27C9D5CE-EE08-4421-8E51-61E02CB9F639}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

29-09-2019 23:33:12 Windows Update
04-10-2019 23:02:48 Windows Update
09-10-2019 20:41:40 Windows Update
14-10-2019 09:08:58 ZHPcleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2019 03:11:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: notepad.exe, versión: 10.0.17134.1, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x176f3160
Identificador del proceso con errores: 0x22fc
Hora de inicio de la aplicación con errores: 0x01d581c39dcf59b6
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\notepad.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: e0aa8ae1-9377-4c5a-8af8-1ea15b8a58e7
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 03:10:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: notepad.exe, versión: 10.0.17134.1, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x12d53160
Identificador del proceso con errores: 0x22fc
Hora de inicio de la aplicación con errores: 0x01d581c39dcf59b6
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\notepad.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 96451dd6-1531-4238-80ae-ac1cc4d70a36
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: BingSvc.exe, versión: 1.0.6.0, marca de tiempo: 0x5624ba98
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.1038, marca de tiempo: 0xfb27b0e5
Código de excepción: 0x0eedfade
Desplazamiento de errores: 0x00114592
Identificador del proceso con errores: 0x202c
Hora de inicio de la aplicación con errores: 0x01d581c392a9b436
Ruta de acceso de la aplicación con errores: C:\Users\Administrador 1\AppData\Local\Microsoft\BingSvc\BingSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 0e677821-3564-400f-9891-1108193b61a3
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:51:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: BingSvc.exe, versión: 1.0.6.0, marca de tiempo: 0x5624ba98
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc00001a5
Desplazamiento de errores: 0x10570f15
Identificador del proceso con errores: 0x202c
Hora de inicio de la aplicación con errores: 0x01d581c392a9b436
Ruta de acceso de la aplicación con errores: C:\Users\Administrador 1\AppData\Local\Microsoft\BingSvc\BingSvc.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: cb144055-2ef4-461b-a483-8ad993986668
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: segurazoclient.exe, versión: 1.0.14.9, marca de tiempo: 0x5d6ec01f
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.1038, marca de tiempo: 0x006c1586
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0x4ac
Hora de inicio de la aplicación con errores: 0x01d581c2e2cd5288
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Segurazo\segurazoclient.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: a5439da2-443e-4b2e-b94a-c38301252829
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: segurazoclient.exe, versión: 1.0.14.9, marca de tiempo: 0x5d6ec01f
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.1038, marca de tiempo: 0x006c1586
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0x654
Hora de inicio de la aplicación con errores: 0x01d581c2bb5004c1
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Segurazo\segurazoclient.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 4f33d8fa-0b9a-49b1-8cff-140fe2ffcc67
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: segurazoclient.exe, versión: 1.0.14.9, marca de tiempo: 0x5d6ec01f
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.1038, marca de tiempo: 0x006c1586
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0x25c8
Hora de inicio de la aplicación con errores: 0x01d581c29598661c
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Segurazo\segurazoclient.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: ef657eb4-1194-44b6-ac85-18daee1f8c53
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/13/2019 02:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: dwm.exe, versión: 10.0.17134.1, marca de tiempo: 0xf5178e97
Nombre del módulo con errores: dwmcore.dll, versión: 10.0.17134.858, marca de tiempo: 0x377d0966
Código de excepción: 0xc00001ad
Desplazamiento de errores: 0x00000000001cdce2
Identificador del proceso con errores: 0x1ee8
Hora de inicio de la aplicación con errores: 0x01d581c26bf2e473
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\dwm.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\system32\dwmcore.dll
Identificador del informe: 9325d653-ab9f-4725-bb72-2b46ae93b6a8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (10/21/2019 05:03:54 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/21/2019 04:58:40 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/21/2019 04:58:32 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/20/2019 11:15:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {E60687F7-01A1-40AA-86AC-DB1CBF673334} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (10/20/2019 11:08:52 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/20/2019 06:30:10 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/20/2019 06:28:30 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/20/2019 02:54:24 PM) (Source: DCOM) (EventID: 10016) (User: IGNACIO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Ignacio\Administrador 1 con SID (S-1-5-21-2524779702-1519077474-4215319357-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


CodeIntegrity:
===================================

Date: 2019-10-20 21:52:28.134
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-20 21:52:27.915
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-13 15:42:25.569
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-10-13 15:42:25.548
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-10-13 15:42:25.516
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-10-13 15:42:25.008
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-10-13 15:42:24.978
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-10-13 15:42:24.845
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: LENOVO 9DCN26WW(V2.07) 09/23/2014
Motherboard: LENOVO Lenovo B50-70
Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 87%
Total physical RAM: 4016.96 MB
Available physical RAM: 516.95 MB
Total Virtual: 5104.96 MB
Available Virtual: 1502.1 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.87 GB) (Free:344.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.79 GB) NTFS

\\?\Volume{d47386cd-1990-4c0a-a763-dd25d0d4b018}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{961cc492-8852-4900-bcce-d4dd7bddbad2}\ (PBR_DRV) (Fixed) (Total:14.56 GB) (Free:5.08 GB) NTFS
\\?\Volume{83a2600a-a04f-4ce0-9373-7e25421f4c69}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B0EA46C5)

Partition: GPT.

==================== End of Addition.txt ============================

Reports received; they were sent perfectly.

Give me a couple of days to analyze it and send you the file to fix the problems detected.

Regards.

1 like

@Emanuel, when a Forum Collaborator asks in a thread for a tool such as FRST and the reports are posted, they are analyzed in depth and the appropriate answers + script are given by the Collaborator.

And you do NOT interfere in the thread by giving instructions on your own, :face_with_raised_eyebrow: you have ALREADY been on this Forum for a while and should know how we work or act. :roll_eyes:

Regards.

1 like

We now have the FRST log analyzed.

1.- Very important >>> Make a backup copy of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel\Wireless\0a35612
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1011AC19-0B7C-487F-B465-0A888947E7EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C3C037E-A06F-4670-ADC4-2C96C951867C} - System32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Excel Packages\uninstaller.exe" -c /Uninst /NM="Microsoft Excel Packages" /AN="0V1L2Z2Z1T1I1L1T" /MBN="Microsoft Excel Packages" /mnl
Task: {2F3034B1-C4A7-48BE-ABE1-F662989713CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {364019A7-0B16-4E22-B9C1-CA8E48EFB9C7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {381692CF-4F38-4BD0-B988-B87B295E84C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3ABFE87E-85FA-4F96-94D2-F0FAD15C2944} - System32\Tasks\Uninstaller_SkipUac_Administrador_1 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {76A6FB2F-B4A1-43C0-8BE7-1795D60EE623} - System32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Local\{BAA98CF5-9E01-E04D-F399-C5A5D7F1393D}\uninstall.exe" -c /Uninstall /s /noun /DelSelfDir
Task: {7E6A94E1-A645-4E7E-90CE-1C59C9E7844A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {89DCB1FD-9CE8-4079-AB46-4D05188D1C83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {95825F6A-5E16-40DA-9B06-D5D9CB7F7320} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AAB791BB-AB30-4097-B79E-0D46F19BAD14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2524779702-1519077474-4215319357-1003 -> No File <==== ATTENTION
Task: {C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5547A88-C5A6-4CE2-8607-246856C2BA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F21BDB35-F3D4-4042-8B49-C3632DEBB88F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
SearchScopes: HKLM -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
FF Homepage: Mozilla\Firefox\Profiles\vlok0ro3.default -> hxxps://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=es-es|hxxps://www.google.es/
FF Extension: (Bing Search) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2018-05-06] [Legacy]
FF SearchPlugin: C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\searchplugins\bing-.xml [2018-05-06]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
CHR Extension: (Chrome Media Router) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-12]
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
2019-10-19 21:00 - 2019-10-19 21:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-10-07 22:54 - 2019-10-11 23:46 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
2019-10-07 22:50 - 2019-10-12 07:46 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-10-07 22:49 - 2019-10-07 22:49 - 000000000 ____D C:\ProgramData\{56F76ACB-7EDF-12B3-2687-3A9BCE6FE243}
2019-10-14 09:12 - 2017-03-10 22:24 - 000000000 ____D C:\ProgramData\IObit
2019-10-14 08:40 - 2017-03-10 22:26 - 000000000 ____D C:\Users\Administrador 1\AppData\LocalLow\IObit
2019-10-14 08:40 - 2017-03-10 22:25 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\IObit
2019-10-07 23:03 - 2015-12-24 21:26 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\GlarySoft
2019-10-20 23:30 - 2018-07-22 17:00 - 000002548 _____ C:\WINDOWS\system32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B}
2019-10-20 23:30 - 2018-07-22 17:00 - 000002400 _____ C:\WINDOWS\system32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
FirewallRules: [{61138917-0F14-4045-A16F-8334AE757CA7}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2C8FABB2-3162-428D-A61E-E84002A799EC}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{46249026-BB67-478E-BDC2-A3A9FF13F00F}] => (Allow) %systemroot%\system32\alg.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

Now use this Windows FAQ, How to start Windows in Safe Mode (applicable to Windows 10)?, to work from Windows Safe Mode. (Use Method 1 and, if you can't, use Method 2.)

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

And one last thing. Do you use the Avast Safeprice Firefox extension? If not, then it was installed in your browser without notice. You can remove it if you wish.

1 like
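A way to triage the Fixlog.txt that the Fix step produces, as an added example that is not part of the original post or of FRST: it classifies each result line by the status text that follows the last `=>` and lists the entries that were not fixed, autostart entries first. The sample log, SID, GUID and paths are constructed placeholders; the status strings are the ones that appear in the Fixlog posted in this thread.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample in the Fixlog.txt line format; every SID, GUID, name and
# path below is a placeholder, not a value from a real machine.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
Error: Restore point can only be created in normal mode.
"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\\example1" => removed successfully
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001-{00000000-0000-0000-0000-000000000000}-01012020000000000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 => Error ({00000000-0000-0000-0000-000000000000}): No automatic fix found for this entry.
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001-{00000000-0000-0000-0000-000000000000}-01012020000000000\...\Run: [example1] => C:\ProgramData\Example\sample.exe [1000 2020-01-01] (Example Publisher) => Error ({00000000-0000-0000-0000-000000000000}): No automatic fix found for this entry.
C:\ProgramData\Example => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Example\ExampleTask" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Windows => ":example" ADS removed successfully
'''


class Entry(NamedTuple):
    target: str  # the registry key, file or task the fixlist line pointed at
    status: str  # fixed | not_found | unfixed | error
    detail: str  # the tool's own wording for the outcome


# Status texts that mean the entry was dealt with.
_FIXED_SUFFIXES = (
    "removed successfully",
    "moved successfully",
    "restored successfully",
)

# Run/RunOnce keys, in both notations used in the log:
#   ...\Run: [name]      (entry echoed from the fixlist)
#   ...\Run\\name        (full key path in a result line)
_AUTORUN = re.compile(r"\\Run(Once)?(: |\\\\)", re.IGNORECASE)


def classify(line: str) -> Optional[Entry]:
    """Return an Entry for a result line, or None for anything else."""
    line = line.strip()
    if " => " not in line:
        # Global errors (e.g. the restore point message) carry no target.
        if line.startswith("Error:"):
            return Entry("", "error", line)
        return None
    # A line may contain several "=>"; the outcome follows the last one.
    target, detail = line.rsplit(" => ", 1)
    detail = detail.strip()
    if "No automatic fix found" in detail:
        status = "unfixed"
    elif detail.startswith("Error"):
        status = "error"
    elif detail.endswith("not found"):
        status = "not_found"
    elif detail.endswith(_FIXED_SUFFIXES):
        status = "fixed"
    else:
        # Echoed fixlist content or command output, not an outcome.
        return None
    return Entry(target.strip().strip('"'), status, detail)


def parse_fixlog(text: str) -> list:
    """Classify every line of a Fixlog and keep only the result lines."""
    return [e for e in map(classify, text.splitlines()) if e is not None]


def summarize(entries: list) -> Counter:
    """Count result lines per status."""
    return Counter(e.status for e in entries)


def is_autorun(entry: Entry) -> bool:
    """True when the entry refers to a Run/RunOnce autostart key."""
    return bool(_AUTORUN.search(entry.target))


def follow_up(entries: list) -> list:
    """Entries that were not fixed, autostart entries first."""
    pending = [e for e in entries if e.status in ("unfixed", "error")]
    return sorted(pending, key=lambda e: not is_autorun(e))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for item in follow_up(parsed):
        print(f"[{item.status}] {item.target or '(global)'} :: {item.detail}")
```

An autostart entry that comes back as "No automatic fix found" still points at its executable path, so it is the first thing to recheck in a fresh scan after reboot.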

Hi Frica, can you explain to me roughly what that script did?

Here is the report, thanks.

Ran by Administrador 1 (23-10-2019 18:20:05) Run:1
Running from C:\Users\Administrador 1\Desktop
Loaded Profiles: Administrador 1 (Available Profiles: Administrador 1 & Administrador)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel\Wireless\0a35612
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1011AC19-0B7C-487F-B465-0A888947E7EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C3C037E-A06F-4670-ADC4-2C96C951867C} - System32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Excel Packages\uninstaller.exe" -c /Uninst /NM="Microsoft Excel Packages" /AN="0V1L2Z2Z1T1I1L1T" /MBN="Microsoft Excel Packages" /mnl
Task: {2F3034B1-C4A7-48BE-ABE1-F662989713CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {364019A7-0B16-4E22-B9C1-CA8E48EFB9C7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {381692CF-4F38-4BD0-B988-B87B295E84C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3ABFE87E-85FA-4F96-94D2-F0FAD15C2944} - System32\Tasks\Uninstaller_SkipUac_Administrador_1 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {76A6FB2F-B4A1-43C0-8BE7-1795D60EE623} - System32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Local\{BAA98CF5-9E01-E04D-F399-C5A5D7F1393D}\uninstall.exe" -c /Uninstall /s /noun /DelSelfDir
Task: {7E6A94E1-A645-4E7E-90CE-1C59C9E7844A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {89DCB1FD-9CE8-4079-AB46-4D05188D1C83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {95825F6A-5E16-40DA-9B06-D5D9CB7F7320} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AAB791BB-AB30-4097-B79E-0D46F19BAD14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2524779702-1519077474-4215319357-1003 -> No File <==== ATTENTION
Task: {C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5547A88-C5A6-4CE2-8607-246856C2BA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F21BDB35-F3D4-4042-8B49-C3632DEBB88F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
SearchScopes: HKLM -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
FF Homepage: Mozilla\Firefox\Profiles\vlok0ro3.default -> hxxps://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=es-es|hxxps://www.google.es/
FF Extension: (Bing Search) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2018-05-06] [Legacy]
FF SearchPlugin: C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\searchplugins\bing-.xml [2018-05-06]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
CHR Extension: (Chrome Media Router) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-12]
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
2019-10-19 21:00 - 2019-10-19 21:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-10-07 22:54 - 2019-10-11 23:46 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
2019-10-07 22:50 - 2019-10-12 07:46 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-10-07 22:49 - 2019-10-07 22:49 - 000000000 ____D C:\ProgramData\{56F76ACB-7EDF-12B3-2687-3A9BCE6FE243}
2019-10-14 09:12 - 2017-03-10 22:24 - 000000000 ____D C:\ProgramData\IObit
2019-10-14 08:40 - 2017-03-10 22:26 - 000000000 ____D C:\Users\Administrador 1\AppData\LocalLow\IObit
2019-10-14 08:40 - 2017-03-10 22:25 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\IObit
2019-10-07 23:03 - 2015-12-24 21:26 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\GlarySoft
2019-10-20 23:30 - 2018-07-22 17:00 - 000002548 _____ C:\WINDOWS\system32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B}
2019-10-20 23:30 - 2018-07-22 17:00 - 000002400 _____ C:\WINDOWS\system32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
FirewallRules: [{61138917-0F14-4045-A16F-8334AE757CA7}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2C8FABB2-3162-428D-A61E-E84002A799EC}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{46249026-BB67-478E-BDC2-A3A9FF13F00F}] => (Allow) %systemroot%\system32\alg.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Windows\CurrentVersion\Run\\649237e4" => removed successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team) => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
C:\ProgramData\Intel\Wireless\0a35612 => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1011AC19-0B7C-487F-B465-0A888947E7EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1011AC19-0B7C-487F-B465-0A888947E7EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C3C037E-A06F-4670-ADC4-2C96C951867C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C3C037E-A06F-4670-ADC4-2C96C951867C}" => removed successfully
C:\WINDOWS\System32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9EACE0E-8E16-426C-830C-62B67F4B413B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F3034B1-C4A7-48BE-ABE1-F662989713CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F3034B1-C4A7-48BE-ABE1-F662989713CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{364019A7-0B16-4E22-B9C1-CA8E48EFB9C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{364019A7-0B16-4E22-B9C1-CA8E48EFB9C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{381692CF-4F38-4BD0-B988-B87B295E84C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{381692CF-4F38-4BD0-B988-B87B295E84C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ABFE87E-85FA-4F96-94D2-F0FAD15C2944}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ABFE87E-85FA-4F96-94D2-F0FAD15C2944}" => removed successfully
C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrador_1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrador_1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76A6FB2F-B4A1-43C0-8BE7-1795D60EE623}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76A6FB2F-B4A1-43C0-8BE7-1795D60EE623}" => removed successfully
C:\WINDOWS\System32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6A94E1-A645-4E7E-90CE-1C59C9E7844A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6A94E1-A645-4E7E-90CE-1C59C9E7844A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89DCB1FD-9CE8-4079-AB46-4D05188D1C83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89DCB1FD-9CE8-4079-AB46-4D05188D1C83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95825F6A-5E16-40DA-9B06-D5D9CB7F7320}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95825F6A-5E16-40DA-9B06-D5D9CB7F7320}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAB791BB-AB30-4097-B79E-0D46F19BAD14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAB791BB-AB30-4097-B79E-0D46F19BAD14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-2524779702-1519077474-4215319357-1003" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5547A88-C5A6-4CE2-8607-246856C2BA78}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5547A88-C5A6-4CE2-8607-246856C2BA78}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F21BDB35-F3D4-4042-8B49-C3632DEBB88F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F21BDB35-F3D4-4042-8B49-C3632DEBB88F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
"Firefox homepage" => removed successfully
C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] => moved successfully
C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\searchplugins\bing-.xml => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc" => not found
C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-12] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Program Files (x86)\Glary Utilities => moved successfully
C:\Program Files (x86)\Chromium => moved successfully
C:\ProgramData\{56F76ACB-7EDF-12B3-2687-3A9BCE6FE243} => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\Administrador 1\AppData\LocalLow\IObit => moved successfully
C:\Users\Administrador 1\AppData\Roaming\IObit => moved successfully
C:\Users\Administrador 1\AppData\Roaming\GlarySoft => moved successfully
"C:\WINDOWS\system32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B}" => not found
"C:\WINDOWS\system32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
C:\Windows => ":nlsPreferences" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61138917-0F14-4045-A16F-8334AE757CA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C8FABB2-3162-428D-A61E-E84002A799EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46249026-BB67-478E-BDC2-A3A9FF13F00F}" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 13 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 13:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::85ab:5ae5:49dd:fb4c%7
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.100
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232019181837080\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232019181837080\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232019181837455\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232019181837455\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38405137 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1973840 B
Edge => 24659 B
Chrome => 387029689 B
Firefox => 11693206 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5462 B
NetworkService => 5462 B
Administrador 1 => 17593807 B
Administrator => 17611573 B

RecycleBin => 2414144 B
EmptyTemp: => 466.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:21:13 ====

Thanks to the reports created by the FRST program, we have manually detected items that need to be fixed; they are the ones that appear in the fix.txt file.

Some of those items are related to the AutoIt malware and other malware (and some of their entries could not be repaired by the anti-malware tools I suggested).

But there were also problems related to scheduled tasks and other items (many of them referred to programs that no longer exist on the system), and browser extensions of dubious reputation or installed without your consent. We also found leftovers of programs that are no longer installed, etc.

As you can see, besides looking for entries related to AutoIt, we took the opportunity to remove other erroneous items.

I see that some entries related to AutoIt could not be repaired with this script (AutoIt changes version from time to time and alters its modifications to the system). So we are going to use the Dr.Web anti-malware program, which might remove these remnants:

Using DrWebCureIt

  1. Download and run DrWebCureIt >> https://www.infospyware.com/antivirus-gratis/drweb/ (on Windows 7 or 8, run it as “Administrator”)
  2. Check the box “I agree to participate in the improvement tests…” and press the “Continue” button.
  3. Click “Select objects to scan”. In the next window, check all the objects.
  4. Press the “Start Scanning” button.

If you wish, take a few seconds to read the DrCureIt manual.

• This tool can take a very long time (hours) to complete its scan, but be patient and let it finish its work.

• Its report is quite long. If it finds anything, leave me only the part of the report that lists the infections. In the log (remember to set the log to minimum in the settings; the manual explains how) it will say the following:

-----------------------------------------------------------------------------
Startcuring
-----------------------------------------------------------------------------
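To see which Fixlog entries did not report success, as the reply above mentions, here is an added example that is not part of the original post or of FRST. The function name `triage`, the error keywords and the sample log are assumptions; the sample is constructed from the Fixlog format shown in this thread, and its `not found` line is made up.

```python
import re

# Constructed sample modelled on the Fixlog in this thread; the
# "Example\Constructed" key and its "not found" result are made up.
SAMPLE_FIXLOG = r"""
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
========= netsh int ipv4 reset =========
Global se restableció correctamente.
Error al restablecer .
Acceso denegado.
========= End of CMD: =========
========= RemoveProxy: =========
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
HKLM\SOFTWARE\Example\Constructed => not found
=========== EmptyTemp: ==========
Chrome => 387029689 B
"""

HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")
ITEM = re.compile(r"^.+? => (?P<result>.+)$")
OK_RESULTS = {"removed successfully", "moved successfully"}  # results seen in this log
ERROR_HINTS = ("unable to", "error", "acceso denegado", "access denied")  # assumed keywords

def triage(fixlog):
    """Return (section, line) pairs that did not report success."""
    findings, section = [], "(top level)"
    for line in (raw.strip() for raw in fixlog.splitlines()):
        header, item = HEADER.match(line), ITEM.match(line)
        if header:
            name = header.group("name").rstrip(":")
            section = "(top level)" if name.startswith("End of") else name
        elif item and section != "EmptyTemp":  # EmptyTemp items are byte counts
            if item.group("result") not in OK_RESULTS:
                findings.append((section, line))
        elif not item and any(h in line.lower() for h in ERROR_HINTS):
            findings.append((section, line))
    return findings

if __name__ == "__main__":
    for section, line in triage(SAMPLE_FIXLOG):
        print(f"[{section}] {line}")
```

Any result string other than the two success results seen in this log is flagged for manual review, so an unfamiliar status is surfaced rather than silently skipped.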

Well, it tells me that no threats were detected, and it took 20 min. I don't know if I did something wrong.

At the end it tells me that nothing is infected and “total 42 files are raised error condition”.