AutoIt v3 Script (Beta)

alfon · 13 Diciembre, 2019 19:19

Hola, desde hace unos días me aparece la dichosa ventanita al encender el pc con este bicho… Le pasé el MalwareBytes y el adwcleaner… Los 2 primeros analisis de malwarebytes dieron resultados. el adwcleaner nada. Parece que todo sigue igual, pasé otra vez malwarebytes y no encuentra nada… Os cuelgo el reporte a continuación a ver si alguien sabe por dónde tirar. Muchas gracias de antemano. Saludos.

alfon · 13 Diciembre, 2019 19:20

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/12/19
Hora del análisis: 19:50
Archivo de registro: 6960aac6-1dd9-11ea-92ee-408d5c4a079c.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.770
Versión del paquete de actualización: 1.0.16120
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 18362.535)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-EV3DJ0V\casa

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 330385
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 5 min, 48 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Si sirviera para algo les puedo colgar los reportes anteriores, donde si encontró amenazas.

Miguelgrado · 13 Diciembre, 2019 19:23

Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) ¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

alfon · 13 Diciembre, 2019 19:37

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2019
Ran by casa (administrator) on DESKTOP-EV3DJ0V (Gigabyte Technology Co., Ltd. H81M-S2H) (13-12-2019 20:28:18)
Running from C:\Users\casa\Downloads
Loaded Profiles: casa (Available Profiles: casa & torrecasa)
Platform: Windows 10 Pro Version 1903 18362.535 (X64) Language: Español (España, internacional)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(AVAST Software s.r.o. -> ) C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Unified Intents AB -> Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3187384 2017-12-13] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\Run: [bc44851a] => C:\ProgramData\Intel\Wireless\87d31c7\kbigdfd.exe [943784 2019-12-09] (AutoIt Consulting Ltd -> AutoIt Team)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-12] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E5182A-34D4-4417-8F12-BAF8E7BD246C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {03B5648F-65B4-47A5-B910-5A98287B801E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {09E78840-2A24-4CF8-A7BD-A1EFD1EE3865} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-02] (Google Inc -> Google Inc.)
Task: {0BFFC6A7-2E53-49C1-9647-CA55D11E2A20} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E8B7F8E-C65D-4F6D-ACB7-E8C7D7B2D07B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A042246-704F-42E9-98CF-F5F729F3A632} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {2349A78D-5340-4524-B82C-268088B55DAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {2731ABD4-67E9-4F19-AAE1-3896A867C875} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {3221657D-29B6-4CF4-ADDB-E8AA0EDC2815} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {32AE4F30-137A-4108-9944-B2B91BE53015} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {3310DDA8-DDE1-4684-A1AA-A337D57A193C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5537D847-9941-478B-B98F-F77ABC7CCB0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-02] (Google Inc -> Google Inc.)
Task: {56EA4DB4-698F-4A9D-8B2D-F881F4687BFA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {663310F4-9DBB-4376-9822-8CEE89FF961B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {724A3D38-D159-451E-86EC-EE2F75FD82F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {793EBD08-79CA-4777-867E-1326C469A4F4} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {8E6D611B-52BD-4556-97F7-361D9BAB60FF} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {8E8C6D85-D0FB-4644-9C0E-9A2927F0AAEE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A2878B1C-FE64-4318-B447-A5A033837780} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {CD2EC266-A9E8-4CEE-BD75-05CD6A9E419B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4F7A447-AA63-47B3-A056-E2B16F43B4C9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe)
Task: {E582B78E-DF61-4933-9D0A-235E2D8D727F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE96D043-6C87-45C9-9B2F-BD0E15469A0E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{feb16e0a-4ed1-4a50-8247-90d7dc1bc6e2}: [DhcpNameServer] 212.231.6.7 46.6.113.34

Internet Explorer:
==================
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.es/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-09-19] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)

Chrome: 
=======
CHR Profile: C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default [2019-12-13]
CHR Extension: (Presentaciones) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-27]
CHR Extension: (Búsqueda de Google) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (New Finds) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eckgjkpmngckgnbbfnbkoejaldaimgjh [2017-05-28]
CHR Extension: (Hojas de cálculo) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Avast Online Security) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-08] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd -> Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-26] (Malwarebytes Inc -> Malwarebytes)
R2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3187384 2017-12-13] (Unified Intents AB -> Unified Intents AB)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [19584 2006-09-02] (Brother Industries Ltd.) [File not signed]
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-22] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-24] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-12-13] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [25592 2015-11-05] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-13 20:28 - 2019-12-13 20:29 - 000027355 _____ C:\Users\casa\Downloads\FRST.txt
2019-12-13 20:27 - 2019-12-13 20:28 - 000000000 ____D C:\FRST
2019-12-13 20:27 - 2019-12-13 20:27 - 002263552 _____ (Farbar) C:\Users\casa\Downloads\FRST64.exe
2019-12-13 19:49 - 2019-12-13 19:49 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-13 19:49 - 2019-12-13 19:49 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-13 19:13 - 2019-12-13 19:13 - 000000000 ____D C:\Users\casa\AppData\LocalLow\Apple Computer
2019-12-13 19:13 - 2019-12-13 19:13 - 000000000 ____D C:\Users\casa\AppData\Local\Macroplant,_LLC
2019-12-13 19:12 - 2019-12-13 19:23 - 000000000 ____D C:\Program Files (x86)\Sharepod
2019-12-13 19:11 - 2019-12-13 19:11 - 007350408 _____ (Macroplant LLC ) C:\Users\casa\Downloads\Sharepod-4.2.0.exe
2019-12-13 18:45 - 2019-12-13 18:47 - 000000000 ____D C:\Users\casa\AppData\Roaming\WindSolutions
2019-12-13 18:45 - 2019-12-13 18:47 - 000000000 ____D C:\ProgramData\WindSolutions
2019-12-13 18:45 - 2019-12-13 18:45 - 008998368 _____ (Ursa Minor Ltd.) C:\Users\casa\Downloads\Install_CopyTransControlCenter.exe
2019-12-12 15:49 - 2019-12-12 15:49 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-12 15:49 - 2019-12-12 15:49 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-12 15:48 - 2019-12-12 15:49 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002188816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-12 15:48 - 2019-12-12 15:48 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001496080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-12 15:48 - 2019-12-12 15:48 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-12 15:48 - 2019-12-12 15:48 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-12 15:48 - 2019-12-12 15:48 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-12 15:48 - 2019-12-12 15:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 11:22 - 2019-12-12 11:22 - 000000000 ____D C:\Users\casa\Evernote
2019-12-12 11:22 - 2019-12-12 11:22 - 000000000 ____D C:\Users\casa\AppData\LocalLow\Evernote
2019-12-12 11:21 - 2019-12-12 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2019-12-12 11:21 - 2019-12-12 11:21 - 000000000 ____D C:\Program Files (x86)\Evernote
2019-12-12 11:16 - 2019-12-12 11:17 - 130774496 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\casa\Downloads\Evernote_6.21.2.8716.exe
2019-12-11 14:53 - 2019-12-11 14:53 - 000024690 _____ C:\Users\casa\Downloads\lista actualizada 11-12-19.xlsx
2019-12-11 09:13 - 2019-12-11 09:13 - 008218800 _____ (Malwarebytes) C:\Users\casa\Downloads\adwcleaner_8.0.0 (1).exe
2019-12-10 13:11 - 2019-12-10 13:11 - 005133880 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-12-01 00:54 - 2019-12-01 00:54 - 000000000 ____D C:\testintel2
2019-11-26 10:38 - 2019-11-26 10:38 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-26 10:38 - 2019-11-26 10:38 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

alfon · 13 Diciembre, 2019 19:38

2019-11-26 10:38 - 2019-11-26 10:38 - 000000000 ____D C:\Users\casa\AppData\Local\cache
2019-11-24 15:44 - 2019-11-24 15:44 - 000000000 ____D C:\testintel
2019-11-14 00:37 - 2019-11-14 00:37 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 008011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 007195648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 007015936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 006232576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 005501952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 004307968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 002956472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 002399232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 002369552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 002158080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001866272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001718584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001659192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001616696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001387024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001185792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 001126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000960040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000827192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000816952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000666640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ManagedEventLogging.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000259384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-11-14 00:37 - 2019-11-14 00:37 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CmUtil.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-11-14 00:37 - 2019-11-14 00:37 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2019-11-14 00:37 - 2019-11-14 00:37 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncController.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2019-11-14 00:37 - 2019-11-14 00:37 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CabUtil.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.EventLogMessages.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAgentPolicyGenerator.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.WmiAccess.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppData.WinRT.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncCommon.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.WinRT.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.LocalSyncProvider.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernSync.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateBaselineGenerator.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateConfigItemGenerator.exe
2019-11-14 00:37 - 2019-11-14 00:37 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SmbSyncProvider.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.MonitorSyncProvider.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncConditions.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2019-11-14 00:37 - 2019-11-14 00:37 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2019-11-14 00:37 - 2019-11-14 00:37 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2019-11-14 00:36 - 2019-11-14 00:36 - 004150272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 002562048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 002258848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 001691648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 001017680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000679152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000404904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000380944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accessibilitycpl.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-11-14 00:36 - 2019-11-14 00:36 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-11-14 00:36 - 2019-11-14 00:36 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2019-11-14 00:36 - 2019-11-14 00:36 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-11-14 00:36 - 2019-11-14 00:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2019-11-14 00:36 - 2019-11-14 00:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 004047360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 003967920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 003791360 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 003752960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 003371928 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 002988344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 002772272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001974824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 001916984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001327064 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001171704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000874936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000586768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000517432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-11-14 00:35 - 2019-11-14 00:35 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000466928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000461320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000375720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000372752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000251512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000113160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AtBroker.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\posetup.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000028344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2019-11-14 00:35 - 2019-11-14 00:35 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-11-14 00:35 - 2019-11-14 00:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-11-14 00:35 - 2019-11-14 00:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 007849424 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 006227104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 006166016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 005890048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 004615616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 003968512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 003591208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 003105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 002126112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 002120704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 002114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001259416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001069064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000911824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000874536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000657424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000322504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000291256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000204816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-11-14 00:34 - 2019-11-14 00:34 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000105488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-11-14 00:34 - 2019-11-14 00:34 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-11-14 00:34 - 2019-11-14 00:34 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2019-11-14 00:34 - 2019-11-14 00:34 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2019-11-14 00:34 - 2019-11-14 00:34 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscadminui.exe
2019-11-14 00:11 - 2019-11-14 00:11 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2019-11-14 00:11 - 2019-11-14 00:11 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-13 20:21 - 2019-08-30 00:47 - 000004216 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{12B90BB7-10F8-444D-AC84-046D4DCBC0E8}
2019-12-13 20:21 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-13 20:00 - 2015-11-03 22:23 - 000000000 ____D C:\Program Files\KMSpico
2019-12-13 19:48 - 2018-10-15 02:17 - 000000000 ____D C:\Users\casa\AppData\Local\CrashDumps
2019-12-13 19:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-13 19:40 - 2019-08-30 00:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-13 19:32 - 2019-08-30 00:40 - 001684180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-13 19:32 - 2019-03-19 12:59 - 000752490 _____ C:\WINDOWS\system32\perfh00A.dat
2019-12-13 19:32 - 2019-03-19 12:59 - 000148070 _____ C:\WINDOWS\system32\perfc00A.dat
2019-12-13 19:32 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-13 19:29 - 2015-11-02 04:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-13 19:28 - 2017-10-17 20:13 - 000000000 ___RD C:\Users\casa\3D Objects
2019-12-13 19:28 - 2017-06-23 17:14 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-12-13 19:28 - 2015-11-02 04:23 - 000000000 __SHD C:\Users\casa\IntelGraphicsProfiles
2019-12-13 19:27 - 2019-08-30 00:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-13 19:27 - 2019-08-30 00:27 - 000455136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-13 19:26 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-13 19:25 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-13 19:25 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-13 19:25 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-13 18:02 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-13 15:39 - 2015-11-29 15:47 - 000000000 ____D C:\ProgramData\Unified Remote
2019-12-13 12:05 - 2016-04-10 13:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-13 07:36 - 2019-08-30 00:47 - 000003608 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-13 07:36 - 2019-08-30 00:47 - 000003550 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-13 07:36 - 2019-08-30 00:47 - 000003326 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-13 07:36 - 2019-08-30 00:47 - 000003286 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2019-12-13 07:36 - 2019-08-30 00:47 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-13 07:36 - 2019-08-30 00:47 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1814117895-116575333-4275017759-1001
2019-12-13 07:36 - 2019-08-30 00:47 - 000002218 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-12-13 07:36 - 2019-08-30 00:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2019-12-12 23:18 - 2015-11-03 18:23 - 000000000 ____D C:\Users\casa\AppData\Roaming\vlc
2019-12-12 21:23 - 2015-11-02 20:13 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-12 19:19 - 2019-10-04 17:45 - 000040960 _____ C:\Users\casa\Desktop\Calendari Teatre 2019-20.xls
2019-12-12 18:36 - 2016-06-10 16:50 - 000000000 ____D C:\Users\casa\AppData\Roaming\Audacity
2019-12-12 15:51 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-12 14:15 - 2017-12-01 08:42 - 000000000 ____D C:\Users\casa\AppData\Local\Packages
2019-12-12 11:29 - 2015-11-03 18:09 - 000000000 ___RD C:\Users\casa\Desktop\El churro
2019-12-12 11:22 - 2019-08-29 06:50 - 000000000 ____D C:\Users\casa
2019-12-12 11:07 - 2019-08-30 00:47 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-12-11 11:18 - 2015-11-02 04:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-11 11:16 - 2015-11-02 04:33 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 00:48 - 2018-05-22 17:09 - 000000000 ____D C:\Users\casa\AppData\Local\PlaceholderTileLogoFolder
2019-12-10 15:15 - 2019-08-29 06:50 - 000000000 ____D C:\Users\torrecasa
2019-12-10 13:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-10 13:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-05 18:52 - 2019-07-13 13:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-11-27 17:48 - 2019-08-30 00:47 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-11-27 17:48 - 2019-08-30 00:47 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-11-27 17:48 - 2018-04-08 20:24 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-11-26 10:37 - 2019-07-13 13:07 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-11-25 04:57 - 2019-08-29 06:50 - 000002405 _____ C:\Users\casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-25 04:57 - 2015-11-02 04:26 - 000000000 ___RD C:\Users\casa\OneDrive
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-11-14 20:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2019-11-13 16:45 - 2016-10-03 11:31 - 000000146 _____ C:\Users\casa\Desktop\Sonido - Acceso directo.lnk

==================== Files in the root of some directories ========

2017-11-07 21:20 - 2017-11-07 21:20 - 000000600 ___SH () C:\Users\casa\AppData\Local\7d1997db57d9a4ee768d19.68008180
2017-04-17 18:20 - 2017-05-05 19:22 - 000465408 _____ (Dirección General de la Policía) C:\Users\casa\AppData\Local\DNIeService.exe
2019-09-15 13:24 - 2019-09-15 13:24 - 000007605 _____ () C:\Users\casa\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

alfon · 13 Diciembre, 2019 19:39

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by casa (13-12-2019 20:29:45)
Running from C:\Users\casa\Downloads
Windows 10 Pro Version 1903 18362.535 (X64) (2019-08-29 23:48:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1814117895-116575333-4275017759-500 - Administrator - Disabled)
casa (S-1-5-21-1814117895-116575333-4275017759-1001 - Administrator - Enabled) => C:\Users\casa
DefaultAccount (S-1-5-21-1814117895-116575333-4275017759-503 - Limited - Disabled)
Invitado (S-1-5-21-1814117895-116575333-4275017759-501 - Limited - Disabled)
torrecasa (S-1-5-21-1814117895-116575333-4275017759-1002 - Limited - Enabled) => C:\Users\torrecasa
WDAGUtilityAccount (S-1-5-21-1814117895-116575333-4275017759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\uTorrent) (Version: 3.5.5.45271 - BitTorrent Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2153.120 - Los creadores de Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Brother MFL-Pro Suite MFC-5890CN (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
Evernote v. 6.21.2 (HKLM-x32\...\{50BD5F92-DB34-11E9-A489-005056951CAD}) (Version: 6.21.2.8716 - Evernote Corp.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Instalable DNIe (HKLM\...\{B4A6EF31-AC22-4BE2-A714-581FC66DBFAF}) (Version: 13.1.0 - Cuerpo Nacional de Policía)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LXFree for Java (HKLM-x32\...\{A415B951-C5DF-41CE-884C-A46BD31878A3}) (Version: 1.8.2.0 - Claude Heintz Design)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Melodyne Runtime 4.1 (x64) (HKLM\...\{59E4B5CE-8453-4F63-A098-44AE2EB0EC78}) (Version: 1.0.0 - Celemony Software GmbH)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.6.1 - Unified Intents AB)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (12/15/2016 1.0.2.5) (HKLM\...\3A8235ACF0CF89B7EACE136B69B0B68ADC94D283) (Version: 12/15/2016 1.0.2.5 - Dirección General de la Policía)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{D58E72D3-4EF3-4EDC-AF17-89DBA0E3D1AA}) (Version: 1.9.6 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{D58E72D3-4EF3-4EDC-AF17-89DBA0E3D1AA}) (Version: 1.9.6 - Yamaha Corporation)

Packages:
=========
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-12-09] (Microsoft Corporation)
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-16] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-10] (Microsoft Studios) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-27] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-05-20 14:11 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-01-09 21:27 - 2014-05-19 17:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-01-09 21:27 - 2014-09-11 18:09 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-05-20 14:11 - 2012-06-05 14:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Brother\Brmfcmon\brlm03a.dll
2019-05-20 14:11 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfcmon\brlmw03a.dll
2019-05-20 14:11 - 2011-04-08 10:14 - 000163840 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfcmon\BRMFCWNDSpa.dll
2019-05-20 14:11 - 2010-03-10 17:16 - 000770048 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll
2019-05-20 14:11 - 2012-10-09 14:30 - 000372736 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll
2019-05-20 14:11 - 2009-09-28 12:38 - 005390336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll
2019-05-20 14:11 - 2010-03-29 04:22 - 000159744 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccspa.dll
2015-12-14 14:15 - 2010-04-24 05:00 - 000336896 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLM9W.DLL
2019-05-20 14:11 - 2003-06-29 23:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll
2019-05-20 14:11 - 2005-07-04 23:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL
2019-05-20 14:11 - 2003-06-29 23:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll
2015-11-29 15:47 - 2016-10-10 04:27 - 000556544 _____ (Soft Service Company) [File not signed] C:\Program Files (x86)\Unified Remote 3\wcl.dll
2019-04-17 12:32 - 2016-09-23 13:08 - 001283584 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Unified Remote 3\LIBEAY32MD.dll
2019-04-17 12:32 - 2016-09-23 13:08 - 000255488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Unified Remote 3\SSLEAY32MD.dll
2016-01-09 21:27 - 2014-09-11 18:10 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1814117895-116575333-4275017759-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2019-01-04 11:35 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%INTEL_DEV_REDIST%redist\ia32\compiler;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\casa\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papel tapiz de Galería fotográfica.jpg
DNS Servers: 212.231.6.7 - 46.6.113.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\StartupApproved\Run: => "Unified Remote V3"
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{560184AC-FAA0-4BA7-961B-B7952551E950}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{2DE821DA-2627-463F-A20F-F338F894E949}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{066071CC-9936-4FEF-AF52-D92E944AAB23}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{674A080C-3611-4E96-8C11-08270F2FF1F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B23056D7-CCCB-4CE4-8F30-09E634CA0EDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9829301D-F11E-4791-8D77-8617BFAC64C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B01DD9AD-6E15-428A-9A4C-C7A4D3322B68}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F2C7D496-EB1E-4084-80C3-3613AD6B5F5E}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5202F3D6-A809-4EFA-A8FA-E1BF8C3426A0}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{12A31307-FC0A-43BA-B91A-54EC9524A827}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D4628F42-3DE6-4D57-BCBD-D0FB39E9B42C}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2DB03181-E5BC-4D3E-B09E-26761BA9F66E}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5B1BA8B8-99CE-4AE5-B3A5-335E64503821}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{F9D1BAAC-C479-4874-99BF-F9A1FD2047D7}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{86F9E794-F008-4328-9670-F5C06B418F57}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{ABB715C3-58D5-416B-BD3A-F90A12108B4B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{9A150884-D391-449E-8887-9174F25A83D3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18B9F320-F7B2-4993-B953-445033D1E0A3}] => (Allow) LPort=2869
FirewallRules: [{EE0974F0-4E11-4F6F-86AC-06BA01E24FB2}] => (Allow) LPort=1900
FirewallRules: [{FBCC1738-2C75-49A8-BAEA-6EE811B1A6D6}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{E9B649BD-D5F2-4321-86B9-AD1E96473471}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query User{6FB657B2-9209-4C47-AA03-AE7F3D03E3B8}C:\users\casa\desktop\programas utilidades\win10controllerserver\win10controller.exe] => (Allow) C:\users\casa\desktop\programas utilidades\win10controllerserver\win10controller.exe () [File not signed]
FirewallRules: [UDP Query User{54BADB23-6177-4610-8850-F7ACBA53DC57}C:\users\casa\desktop\programas utilidades\win10controllerserver\win10controller.exe] => (Allow) C:\users\casa\desktop\programas utilidades\win10controllerserver\win10controller.exe () [File not signed]
FirewallRules: [{21FCCDF6-C11B-4A20-9756-6115CBEA1D46}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A4F8DBB-04AA-4A0B-8C21-C614FC392C09}] => (Allow) C:\Users\casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{54531C24-4D8B-4720-B460-9C041485E59D}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [UDP Query User{28DD27C5-2EA8-48F9-B702-9B204D65903B}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{BBFC070E-0561-4B4F-9F3B-18613E2E6318}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B3B4F1C0-D25F-41B7-80E6-D67AD4851E6C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D5056046-B652-4BE7-A648-C53BE71E7C4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC982496-BE75-4748-B07E-F4A52E145962}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{63C89E3B-A47C-4307-B98D-9DE980D43E9D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-11-2019 23:31:38 Punto de control programado
09-12-2019 11:31:28 Punto de control programado
12-12-2019 11:21:15 Installed Evernote v. 6.21.2

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/13/2019 08:10:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8148,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/13/2019 07:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: kbigdfd.exe, versión: 3.3.15.1, marca de tiempo: 0x5ab0f552
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x038933bc
Identificador del proceso con errores: 0x1fb4
Hora de inicio de la aplicación con errores: 0x01d5b1e34a4ced7c
Ruta de acceso de la aplicación con errores: C:\ProgramData\Intel\Wireless\87d31c7\kbigdfd.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: f44ae5fe-396d-44c5-8c1e-e1382b8fc980
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/13/2019 07:48:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3884,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/13/2019 07:30:49 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo DLL del contador extensible "C:\WINDOWS\system32\sysmain.dll" (código de error de Win32 126).

Error: (12/13/2019 07:19:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3520,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/13/2019 07:09:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (128,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/13/2019 06:52:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15108,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/13/2019 06:08:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5156,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (12/13/2019 07:36:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 07:36:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EV3DJ0V)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-10-17 00:10:47.388
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk; file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638FDE3A-9397-43CC-9D34-78A56E169077}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk; taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de inteligencia de seguridad: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-16 23:59:04.232
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de inteligencia de seguridad: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-16 15:00:51.904
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe; process:_pid:3808,ProcessStart:132157037426864138; service:_Service KMSELDI
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de inteligencia de seguridad: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-16 15:00:03.909
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de inteligencia de seguridad: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-16 15:00:02.123
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

CodeIntegrity:
===================================

Date: 2019-12-13 19:49:49.181
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-12-13 19:29:15.483
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.469
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.456
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.442
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.426
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.412
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 19:29:15.399
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F1 08/19/2014
Motherboard: Gigabyte Technology Co., Ltd. H81M-S2H
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8078.13 MB
Available physical RAM: 4297.41 MB
Total Virtual: 9358.13 MB
Available Virtual: 5378.28 MB

==================== Drives ================================

Drive c: (disco local) (Fixed) (Total:930.45 GB) (Free:794.44 GB) NTFS

\\?\Volume{e98ef070-94ec-4f5f-8f7c-e32c831bf373}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{fc964ad0-e4da-493f-b795-6bc7d6642931}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{392bac62-7f70-44a9-b988-d0857f17b0e4}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00088753)

Partition: GPT.

==================== End of Addition.txt =======================

Miguelgrado · 13 Diciembre, 2019 20:09

Primeramente, corta y pega frst.exe, en el escritorio, pues se indicaba mu claro que se ejecutase desde ahi.

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

Para hacerlo descarga Delfix en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\...\Run: [bc44851a] => C:\ProgramData\Intel\Wireless\87d31c7\kbigdfd.exe [943784 2019-12-09] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel\Wireless
Task: {724A3D38-D159-451E-86EC-EE2F75FD82F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
2017-11-07 21:20 - 2017-11-07 21:20 - 000000600 ___SH () C:\Users\casa\AppData\Local\7d1997db57d9a4ee768d19.68008180
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
HKU\S-1-5-21-1814117895-116575333-4275017759-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)
Ejecutas Frst.exe.
Presionas el botón Fix y aguardas a que termine.
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema

alfon · 13 Diciembre, 2019 20:49

Hola compañero, perdón por la cagada de no ejecutarlo desde el escritorio, le dí directamente al descargar… Ahora sí ejecuté delfix desde escritorio y allí guardé el archivo resultante. Tb guardé ahí el script que me mencionaste. Pero al intentar entrar a la carpeta descargas para mover el frst al escritorio, se queda pensando y no muestra el contenido de la carpeta…

Miguelgrado · 13 Diciembre, 2019 22:05

Reinicia el pc y trata de nuevo…

Si no,muevelo uns vez estes en modo seguro

alfon · 13 Diciembre, 2019 23:20

Buenas! Seguí los pasos y al reiniciar ya no aparece la ventanita del autolt v3 en inicio. solucionado pues! Mil gracias!!

Miguelgrado · 14 Diciembre, 2019 08:29

Para eliminar las herramientas usadas en la desinfección, realizas:

Descargas y Ejecutas >> Delfix, en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)
Marca solamente la casilla Remove disinfection tools
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.

Me alegro de haberte podido ayudar!

TEMA SOLUCIONADO

alfon · 14 Diciembre, 2019 17:09

Muchisimas gracias Miguelgrado. Aparte de que no apareció más creo que el pc anda más rápido… muchas gracias por tu ayuda y por la rapidez de respuesta. Saludos!

Miguelgrado · 14 Diciembre, 2019 17:26

De nada …

Saludos