Remote Desktop Connection / Sync Center


#1

Hello

First of all, I want to thank you for your support in reviewing and updating one of my computers that had been hacked, and in particular to thank Sanmar.

Once again I am troubling you for your support, since my sister's computer was also affected by those unscrupulous people. She noticed something strange when she went to save a file in Word and it asked her whether she wanted to share it online, which it had not asked before. We have never enabled Remote Desktop, since we do not share files or a network between us. However, Fax, Remote Desktop and Sync Center were appearing in the Start menu as recent programs.

Checking the Task Manager, Remote Desktop processes appear, among others such as the Office network service and svchost.exe.

And checking Remote Desktop, it appears blank, but if I click the network option for the PC to connect to Remote Desktop, it tells me there is already a session.

I am attaching the FRST and Addition reports.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Moyete (administrator) on MOYETE-PC (21-12-2018 16:58:01)
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

"Path" (C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasafeweb&v=2_0&idate=2018-11-05&ent=ch_675&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-12] (Oracle Corporation)
Toolbar: HKLM - Panda Safe Web - {b60873b9-51aa-4566-b2fc-c16de2ec8bff} -  No File

FireFox:
========
FF DefaultProfile: 904qasv3.default
FF ProfilePath: C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default [2018-12-21]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2018-12-13]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default [2018-12-21]
CHR Extension: (Presentaciones) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2018-12-14]
CHR Extension: (Documentos) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-15]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-12-14]
CHR Extension: (YouTube) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-15]
CHR Extension: (Panda Smart Shopping) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-12-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] ()
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [236528 2016-11-22] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-21] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [108880 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [222424 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [132296 2017-11-03] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [147112 2017-11-03] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [83040 2017-09-18] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [128816 2017-11-03] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [84664 2017-11-03] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [140664 2017-11-03] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [329032 2017-11-03] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [226256 2017-11-03] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [127664 2017-11-03] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [275984 2017-11-03] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123416 2017-11-03] (Panda Security, S.L.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1363200 2017-05-15] (NXP Semiconductors Germany GmbH)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [162392 2017-11-08] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131160 2018-01-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [177240 2018-01-30] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2017-11-06] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144856 2017-11-07] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [119136 2017-11-06] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60592 2017-05-22] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 16:58 - 2018-12-21 16:58 - 000015707 _____ C:\Users\Moyete\Desktop\FRST.txt
2018-12-21 16:57 - 2018-12-21 16:58 - 000000000 ____D C:\FRST
2018-12-21 16:55 - 2018-12-21 16:55 - 001778176 _____ (Farbar) C:\Users\Moyete\Desktop\FRST.exe
2018-12-21 15:31 - 2018-12-21 15:31 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-21 15:31 - 2017-05-22 04:29 - 000060592 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (4).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (3).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (2).IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS.IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (1).IFO
2018-12-21 09:56 - 2018-12-21 09:56 - 000008192 _____ C:\Users\Moyete\Downloads\VIDEO_TS.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000159744 _____ C:\Users\Moyete\Downloads\VTS_01_0.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000045056 _____ C:\Users\Moyete\Downloads\VTS_01_0.IFO
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
2018-12-12 21:28 - 2018-12-13 01:42 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-12-12 21:22 - 2018-12-12 22:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-12 20:51 - 2018-12-12 20:51 - 002378800 _____ (Kaspersky Lab) C:\Users\Moyete\Downloads\kfa18.0.0.405abes_13158.exe
2018-12-12 18:25 - 2018-12-12 18:25 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-12-12 18:18 - 2018-12-12 18:18 - 000000000 ____D C:\Program Files\Common Files\Java
2018-12-11 15:48 - 2018-12-11 15:49 - 000413977 _____ C:\Users\Moyete\Downloads\statement_807716624.pdf
2018-12-03 09:19 - 2018-12-03 09:19 - 000313992 _____ C:\Users\Moyete\Downloads\565820400418 (10).pdf
2018-11-23 10:30 - 2018-11-23 10:30 - 000038063 _____ C:\Users\Moyete\Downloads\SAT_20181123113051.pdf
2018-11-23 10:24 - 2018-11-23 10:24 - 000042572 _____ C:\Users\Moyete\Downloads\Acuse.384739458.AcusePdf.pdfraul vazquez oct 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 16:57 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-21 16:57 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-21 15:47 - 2017-05-19 15:32 - 000000000 ____D C:\Users\Moyete\Documents\Fax
2018-12-21 15:47 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\ModemLogs
2018-12-21 15:45 - 2017-05-15 13:53 - 000000000 ____D C:\Users\Moyete\AppData\LocalLow\Mozilla
2018-12-21 15:30 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-21 14:44 - 2018-11-05 10:28 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
2018-12-20 11:12 - 2010-11-20 18:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2018-12-20 11:12 - 2010-11-20 18:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2018-12-20 11:12 - 2010-11-20 15:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-20 11:12 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-12-20 11:10 - 2017-05-19 15:34 - 000000000 ____D C:\Users\Moyete\Documents\irmi
2018-12-20 11:05 - 2017-05-15 13:35 - 000000000 ____D C:\Users\Moyete\AppData\Local\Microsoft Help
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-13 10:32 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-13 10:32 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-13 01:41 - 2017-05-15 14:06 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-12 19:27 - 2009-07-13 20:37 - 000000000 __RHD C:\Users\Public\Libraries
2018-12-12 18:26 - 2017-05-15 13:49 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\Program Files\Java
2018-12-12 18:16 - 2017-05-15 13:55 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-12-12 10:03 - 2017-05-15 14:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-11 15:56 - 2018-11-19 10:04 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-11-29 09:38 - 2017-05-15 13:44 - 000000408 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-11-24 10:39 - 2018-03-26 10:37 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-24 10:39 - 2018-03-26 10:37 - 000002330 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-23 10:32 - 2017-05-19 11:10 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\PrimoPDF

Some files in TEMP:
====================
2018-12-12 18:13 - 2018-12-12 18:13 - 001892728 _____ (Oracle Corporation) C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 18:13

==================== End of FRST.txt ============================

#2

File Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.12.2018
Ran by Moyete (21-12-2018 16:59:11)
Running from C:\Users\Moyete\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-05-15 19:31:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2713976509-1318226811-4177288055-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2713976509-1318226811-4177288055-1002 - Limited - Enabled)
Invitado (S-1-5-21-2713976509-1318226811-4177288055-501 - Limited - Disabled)
Moyete (S-1-5-21-2713976509-1318226811-4177288055-1000 - Administrator - Enabled) => C:\Users\Moyete

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Enabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CFDi Facturas (HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\d30ebcb45a9312ef) (Version: 1.0.4.4 - Todo CFDi)
Driver Easy 5.5.0 (HKLM\...\DriverEasy_is1) (Version: 5.5.0 - Easeware)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0 (x86 es-MX) (HKLM\...\Mozilla Firefox 64.0 (x86 es-MX)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Panda Devices Agent (HKLM\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{F34B4AEC-F6E5-4693-9B6E-6A47C61A724A}) (Version: 9.13.00 - Panda Security) Hidden
Panda Dome (HKLM\...\Panda Universal Agent Endpoint) (Version: 18.06.00.0000 - Panda Security)
Panda Safe Web (HKLM\...\pandasecuritytb) (Version: 4.3.1.30 - Panda Security and Visicom Media Inc.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6BA1F8-11A0-4348-B4D4-7E398390B97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {1CD747EC-49D6-45C2-A9B5-6035BAC327DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {30CD0020-5674-48EE-8D70-6F3716E8B9ED} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {3D405EB9-09B8-4346-99F6-179A0EEB76AD} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2017-03-23] (Easeware)
Task: {636C883C-1F19-4A9F-847A-BFE16C3990EE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {7831F38C-56C9-49B1-9B61-3A82F3F98D62} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2713976509-1318226811-4177288055-1000
Task: {795BFC48-4E9E-46AF-87F9-70AC28849477} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {7E3F0B22-9E85-4364-AAC0-15CF95970217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {E881D087-666D-4CD8-9E15-0DAC4075DF37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {F0C3AC62-6713-4D25-83BE-10933F43E46D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F3122ED4-DBEF-40E4-8B50-A9D3B48958B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-29] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-15 11:17 - 2015-12-15 11:17 - 000618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-11-19 10:04 - 2018-12-11 15:56 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-24 05:27 - 2018-06-24 05:27 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2018-11-19 09:47 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moyete\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.9.84 - 10.2.9.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{1F2C6811-E543-4ABC-B603-C6DBF13A91B8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{5E7FDB12-7E28-4F95-B1FB-40CADBAAA98D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{02761B83-91D3-4B40-B81C-076C2D5F3C98}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
FirewallRules: [{59AD589E-CED7-401B-B195-7D5D0D0ED87F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E73F53FA-5D37-4B14-827F-C4BC9DD7D43F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DCD60EDA-8DBE-42F6-8807-14F62B51EF6A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9589662F-BE9F-4FCD-96CD-C3E66332CD0F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{EDC22D9A-772A-4C49-A315-FC502F9C0331}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{33C38945-E869-4267-B2C0-50A64D8CFC90}] => (Allow) C:\Program Files\pandasecuritytb\cleanupie.exe
FirewallRules: [{2620E19F-5912-4C82-BA25-44E1062A54DB}] => (Allow) C:\Program Files\pandasecuritytb\cleanupie.exe
FirewallRules: [{E9617F2C-CD7F-4012-B64C-46B0A6CA0246}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{F63CD74B-2C1E-400E-83C6-80C1310955C7}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{7D6983A7-C041-448C-A067-F81F57C38724}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{BB65DC7D-83D3-48DA-B419-E9389715EA1A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{61A57E11-E2D2-4CB3-A0AA-F703FF931B9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-10-2018 14:45:16 Punto de control programado
05-11-2018 16:05:09 Punto de control programado
12-12-2018 19:04:50 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2018 03:31:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:25:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 09:16:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/20/2018 10:46:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/14/2018 05:26:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/14/2018 09:35:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/13/2018 05:24:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/13/2018 10:34:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/12/2018 10:26:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Panda Product Service no respondió después de iniciar.

Error: (12/12/2018 06:09:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Panda Product Service no respondió después de iniciar.

Error: (12/12/2018 10:25:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/12/2018 10:25:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {3EB3C877-1F16-487C-9050-104DBCD66683} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/12/2018 10:21:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Panda Product Service no respondió después de iniciar.

Error: (12/12/2018 09:48:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Panda Product Service no respondió después de iniciar.

Error: (12/09/2018 03:12:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Panda Product Service no respondió después de iniciar.

Error: (12/07/2018 09:35:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio avast! Antivirus.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 3061.18 MB
Available physical RAM: 1055.39 MB
Total Virtual: 7659.5 MB
Available Virtual: 5519.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:260.2 GB) NTFS

\\?\Volume{15c7213a-39a5-11e7-a734-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BC705DC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


When I right-click on the desktop, it shows the option to synchronize shared folders through SharePoint Workspace.

Thanks once again


#3

Hello @Cxw7gab:

Welcome back to InfoSpyware…!!!

Before analyzing the FRST reports, here are some preliminary cleanup steps:

Carry out the following steps, without changing the order:

1.- Temporarily disable your antivirus and any other security program.

2.- Download the following tools to your desktop:

3.- Then, keeping to the order:

Malwarebytes

Install it and update it. Run a Full Scan (Análisis Completo) according to its Manual.

AdwCleaner

Run it (right-click and select Run as Administrator). Click the Scan (Escanear) button and wait for the process to finish. Then click the Clean (Limpiar) button. Wait for it to complete. If it asks you to restart the system, accept. Save the report that appears so you can copy and paste it in your next reply. The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

Following its manual, install it and run it. When it finishes, delete everything it finds.

Important Note:

In your next reply you must paste the reports from Malwarebytes, AdwCleaner and ZHPCleaner.

Guide: How to paste reports in the forum?

We'll be waiting for those reports.

Regards


#4

Hello Sanmar 🙂

I'm attaching the reports,

Malwarebytes

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 22/12/18
Hora del análisis: 18:06
Archivo de registro: aac3ee48-0646-11e9-bb21-002421b03393.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8449
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Moyete-PC\Moyete

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 170308
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 18 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner


# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-22-2018
# Duration: 00:00:14
# OS:       Windows 7 Ultimate
# Scanned:  32227
# Detected: 13


***** [ Services ] *****

PUP.Optional.Panda              panda_url_filtering

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Program Files\pandasecuritytb
PUP.Optional.Legacy             C:\Users\Moyete\AppData\LocalLow\pandasecuritytb
PUP.Optional.Panda              C:\Program Files\Panda Security URL Filtering

***** [ Files ] *****

PUP.Optional.Panda              C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\pandasecuritytb\setupCfg.xml
PUP.Optional.Panda              C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\pandasecuritytb\setdefaultsearch_panda.dat
PUP.Optional.Panda              C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\pandasecuritytb\guid.dat
PUP.Optional.Panda              C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\pandasecuritytb\cfg.dat

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2620E19F-5912-4C82-BA25-44E1062A54DB}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{33C38945-E869-4267-B2C0-50A64D8CFC90}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F63CD74B-2C1E-400E-83C6-80C1310955C7}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E9617F2C-CD7F-4012-B64C-46B0A6CA0246}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

ZHPCleaner

~ ZHPCleaner v2018.12.19.207 by Nicolas Coolman (2018/12/19)
~ Run by Moyete (Administrator)  (22/12/2018 19:22:51)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Moyete\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Moyete\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Archivo hosts (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Internet Explorer)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 0
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h00mn00s
ZHPCleaner-[S]-22122018-19_22_51.txt

Although it didn't find anything, today while checking the computer I found a file that says 0 bytes and that is used to connect to Remote Desktop. I couldn't open it or do anything more, since it says I don't have administrator permissions.

Everything was checked and the programs were run with the administrator user. But I suppose it means the server administrator. It is as if the computer were connected to a corporate server. This is a home computer.

Thanks


#5

Hello @CxW7Gab:

Check the following:

1.- Start >>> Control Panel >>> System and Security >>> System.

On the left side, click "Remote Access Settings" (Configuración de Acceso Remoto).

In the window that opens, check that the “Remote Access” (Acceso Remoto) tab looks like this:

(image: remoto)

2.- And now run FRST again and bring us fresh reports.

Regards.


#6

Hello,

I already checked the remote access tab and it is exactly as you show in the image.

The reports

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.12.2018
Ran by Moyete (administrator) on MOYETE-PC (23-12-2018 13:47:29)
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-12] (Oracle Corporation)
Toolbar: HKLM - Panda Safe Web - {b60873b9-51aa-4566-b2fc-c16de2ec8bff} -  No File

FireFox:
========
FF DefaultProfile: 904qasv3.default
FF ProfilePath: C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default [2018-12-23]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2018-12-13]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default [2018-12-22]
CHR Extension: (Presentaciones) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2018-12-14]
CHR Extension: (Documentos) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-15]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-12-14]
CHR Extension: (YouTube) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-15]
CHR Extension: (Panda Smart Shopping) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-12-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S4 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] ()
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-23] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [108880 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [222424 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [132296 2017-11-03] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [147112 2017-11-03] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [83040 2017-09-18] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [128816 2017-11-03] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [84664 2017-11-03] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [140664 2017-11-03] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [329032 2017-11-03] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [226256 2017-11-03] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [127664 2017-11-03] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [275984 2017-11-03] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123416 2017-11-03] (Panda Security, S.L.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1363200 2017-05-15] (NXP Semiconductors Germany GmbH)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [162392 2017-11-08] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131160 2018-01-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [177240 2018-01-30] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2017-11-06] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144856 2017-11-07] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [119136 2017-11-06] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60592 2017-05-22] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-23 13:47 - 2018-12-23 13:47 - 000000000 ____D C:\Users\Moyete\Desktop\FRST-OlderVersion
2018-12-23 13:45 - 2018-12-23 13:45 - 000022016 _____ C:\Users\Moyete\Documents\Guardado con Autorrecuperación de Documento1.asd
2018-12-23 13:42 - 2018-12-23 13:42 - 000000000 ____D C:\Users\Moyete\Documents\jobs 2018
2018-12-23 13:16 - 2018-12-23 13:16 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-23 13:16 - 2017-05-22 04:29 - 000060592 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-12-22 21:14 - 2018-12-22 21:14 - 127229528 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-12-22 21:09 - 2018-12-22 21:37 - 000000000 ____D C:\Windows\system32\MRT
2018-12-22 21:09 - 2018-12-22 21:35 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-22 19:54 - 2018-12-22 19:59 - 000000000 ____D C:\50ec2f89873eba945e
2018-12-22 19:22 - 2018-12-22 19:22 - 000001748 _____ C:\Users\Moyete\Desktop\ZHPCleaner.txt
2018-12-22 19:22 - 2018-12-22 19:22 - 000000832 _____ C:\Users\Moyete\Desktop\ZHPCleaner.lnk
2018-12-22 19:22 - 2018-12-22 19:22 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\ZHP
2018-12-22 19:22 - 2018-12-22 19:22 - 000000000 ____D C:\Users\Moyete\AppData\Local\ZHP
2018-12-22 18:58 - 2018-12-22 18:58 - 000002742 _____ C:\Users\Moyete\Desktop\AdwCleaner[S00].txt
2018-12-22 18:53 - 2018-11-10 19:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-22 18:52 - 2018-12-05 20:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-22 18:52 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-22 18:52 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-22 18:52 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-22 18:52 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-22 18:52 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-22 18:52 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-12-22 18:52 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-22 18:52 - 2018-11-11 10:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-12-22 18:52 - 2018-11-11 10:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-22 18:52 - 2018-11-11 10:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-22 18:52 - 2018-11-11 10:49 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-22 18:52 - 2018-11-11 10:49 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-12-22 18:52 - 2018-11-11 10:49 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-22 18:52 - 2018-11-11 10:47 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-22 18:52 - 2018-11-11 10:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-22 18:52 - 2018-11-11 10:20 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-22 18:52 - 2018-11-11 10:20 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-22 18:52 - 2018-11-11 10:20 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-22 18:52 - 2018-11-11 10:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-22 18:52 - 2018-11-11 10:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-22 18:52 - 2018-11-11 10:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-22 18:52 - 2018-11-11 10:15 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-22 18:52 - 2018-11-11 10:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-22 18:52 - 2018-11-11 10:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-22 18:52 - 2018-11-11 10:14 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-22 18:52 - 2018-11-11 10:13 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-22 18:52 - 2018-11-10 19:11 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-12-22 18:52 - 2018-11-10 18:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-12-22 18:52 - 2018-11-10 18:43 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-12-22 18:52 - 2018-11-08 10:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-22 18:52 - 2018-11-05 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-12-22 18:52 - 2018-10-26 21:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-12-22 18:52 - 2018-10-26 21:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-12-22 18:52 - 2018-10-26 21:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-12-22 18:52 - 2018-10-26 21:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-12-22 18:52 - 2018-10-06 09:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-22 18:52 - 2018-10-06 09:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-22 18:52 - 2018-10-06 09:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-22 18:52 - 2018-10-06 07:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-12-22 18:52 - 2018-09-22 20:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-12-22 18:52 - 2018-09-22 20:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-12-22 18:52 - 2018-09-22 20:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-12-22 18:52 - 2018-09-22 20:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-12-22 18:52 - 2018-09-19 02:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-12-22 18:52 - 2018-09-08 18:46 - 001214152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-12-22 18:52 - 2018-09-08 18:46 - 000730824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-12-22 18:52 - 2018-09-08 18:46 - 000219336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-12-22 18:52 - 2018-09-08 18:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-12-22 18:52 - 2018-09-08 18:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-12-22 18:52 - 2018-08-31 09:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-12-22 18:52 - 2018-08-31 09:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-12-22 18:52 - 2018-08-29 19:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-12-22 18:52 - 2018-08-27 23:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-12-22 18:52 - 2018-08-27 21:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-12-22 18:52 - 2018-08-15 20:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-12-22 18:52 - 2018-08-13 15:48 - 000940784 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-12-22 18:52 - 2018-08-13 09:41 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-12-22 18:52 - 2018-08-12 14:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-12-22 18:52 - 2018-08-12 14:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-12-22 18:52 - 2018-08-12 14:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-12-22 18:52 - 2018-08-12 14:17 - 000122536 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-12-22 18:52 - 2018-08-12 14:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-12-22 18:52 - 2018-08-12 14:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-12-22 18:52 - 2018-08-10 09:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-12-22 18:52 - 2018-08-10 09:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-12-22 18:52 - 2018-08-10 09:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-12-22 18:52 - 2018-08-10 09:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-12-22 18:52 - 2018-08-10 09:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-12-22 18:52 - 2018-08-08 09:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-12-22 18:52 - 2018-08-08 09:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-12-22 18:52 - 2018-08-03 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-12-22 18:52 - 2018-07-29 09:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-12-22 18:52 - 2018-07-18 09:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-12-22 18:52 - 2018-07-06 09:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-12-22 18:52 - 2018-06-29 09:40 - 000549376 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2018-12-22 18:52 - 2018-06-29 09:40 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2018-12-22 18:52 - 2018-06-29 09:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-12-22 18:52 - 2018-06-29 09:10 - 000389632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2018-12-22 18:52 - 2018-06-29 09:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-12-22 18:52 - 2018-06-27 09:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-12-22 18:52 - 2018-06-27 09:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-12-22 18:52 - 2018-06-27 09:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-12-22 18:52 - 2018-06-27 09:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-12-22 18:52 - 2018-06-27 09:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-12-22 18:52 - 2018-06-08 09:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-12-22 18:52 - 2018-06-08 09:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-12-22 18:52 - 2018-06-08 09:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-12-22 18:52 - 2018-06-08 09:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-12-22 18:52 - 2018-05-30 07:04 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-12-22 18:52 - 2018-05-30 07:04 - 000410080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-12-22 18:52 - 2018-05-30 07:04 - 000374872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-12-22 18:52 - 2018-05-14 21:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-12-22 18:52 - 2018-05-14 21:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-12-22 18:52 - 2018-05-14 21:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-12-22 18:52 - 2018-05-11 19:56 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-12-22 18:52 - 2018-05-11 19:56 - 000025984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-12-22 18:52 - 2018-05-11 19:56 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-12-22 18:52 - 2018-05-10 18:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-22 18:52 - 2018-05-10 18:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-12-22 18:52 - 2018-05-02 09:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-12-22 18:52 - 2018-05-02 09:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-12-22 18:52 - 2018-04-26 07:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-12-22 18:52 - 2018-04-25 09:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-12-22 18:52 - 2018-04-25 09:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-12-22 18:52 - 2018-04-22 17:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-12-22 18:52 - 2018-04-18 09:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-12-22 18:52 - 2018-04-18 09:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-12-22 18:52 - 2018-04-18 09:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-12-22 18:52 - 2018-04-10 10:34 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-12-22 18:52 - 2018-04-10 10:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-12-22 18:52 - 2018-04-10 10:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-12-22 18:52 - 2018-04-10 10:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-12-22 18:52 - 2018-04-10 09:52 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-12-22 18:52 - 2018-04-10 09:50 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-12-22 18:52 - 2018-04-10 09:50 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-12-22 18:52 - 2018-04-07 10:42 - 000250560 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-12-22 18:52 - 2018-03-14 11:16 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-12-22 18:52 - 2018-03-14 11:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-12-22 18:52 - 2018-03-14 11:10 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-12-22 18:52 - 2018-03-14 10:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-12-22 18:52 - 2018-03-14 10:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-12-22 18:52 - 2018-03-06 12:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-12-22 18:52 - 2018-03-06 12:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-12-22 18:52 - 2018-03-06 12:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-12-22 18:52 - 2018-02-21 21:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-12-22 18:52 - 2018-02-10 12:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-12-22 18:52 - 2018-02-10 12:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-12-22 18:52 - 2018-02-10 12:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-12-22 18:52 - 2018-02-10 12:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-12-22 18:52 - 2018-02-10 12:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-12-22 18:52 - 2018-02-10 12:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-12-22 18:52 - 2018-02-10 12:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-12-22 18:52 - 2018-02-10 11:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-12-22 18:52 - 2018-02-10 11:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-12-22 18:52 - 2018-02-10 11:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-12-22 18:52 - 2018-02-10 11:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-12-22 18:52 - 2018-02-10 11:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-12-22 18:52 - 2018-01-12 10:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-12-22 18:52 - 2018-01-12 10:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-12-22 18:52 - 2018-01-11 10:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-12-22 18:52 - 2017-12-31 19:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-12-22 18:52 - 2017-12-31 19:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-12-22 18:52 - 2017-12-31 19:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-12-22 18:52 - 2017-12-31 19:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-12-22 18:52 - 2017-12-31 19:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-12-22 18:52 - 2017-12-31 19:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-12-22 18:52 - 2017-12-31 19:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-12-22 18:52 - 2017-12-31 19:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-12-22 18:52 - 2017-12-31 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-12-22 18:52 - 2017-12-31 19:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-12-22 18:52 - 2017-12-31 19:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-12-22 18:52 - 2017-12-05 11:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-12-22 18:52 - 2017-12-05 09:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-12-22 18:52 - 2017-12-05 09:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-12-22 18:52 - 2017-11-02 08:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-12-22 18:52 - 2017-10-16 16:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-12-22 18:52 - 2017-10-11 18:14 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-12-22 18:49 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-22 18:49 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-22 18:49 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-22 18:49 - 2018-12-14 00:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-22 18:49 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-22 18:49 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-22 18:49 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-22 18:49 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-22 18:49 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-22 18:49 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-22 18:49 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-22 18:49 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-22 18:49 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-22 18:49 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-22 18:49 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-22 18:49 - 2018-12-14 00:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-22 18:49 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-22 18:49 - 2018-12-14 00:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-22 18:49 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-22 18:49 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-22 18:49 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-22 18:49 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-22 18:49 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-22 18:49 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-22 18:49 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-22 18:49 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-22 18:49 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-22 18:49 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-22 18:49 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-22 18:49 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-22 18:49 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-22 18:49 - 2018-12-14 00:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-22 18:49 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-22 18:49 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-22 18:49 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-22 18:49 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-12-22 18:48 - 2018-06-08 07:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-12-22 18:43 - 2018-12-22 18:58 - 000000000 ____D C:\AdwCleaner
2018-12-22 18:42 - 2018-12-22 18:42 - 000001537 _____ C:\Users\Moyete\Desktop\malwarebytes.txt
2018-12-22 18:03 - 2018-12-10 16:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-22 17:58 - 2018-12-22 17:58 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-22 17:58 - 2018-12-22 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-22 17:58 - 2018-12-22 17:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-22 17:58 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-22 17:45 - 2018-12-22 17:47 - 081227760 _____ (Malwarebytes ) C:\Users\Moyete\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-22 15:58 - 2018-12-22 15:58 - 007320272 _____ (Malwarebytes) C:\Users\Moyete\Downloads\adwcleaner_7.2.6.0.exe
2018-12-22 15:58 - 2018-12-22 15:58 - 003297664 _____ C:\Users\Moyete\Downloads\ZHPCleaner.exe
2018-12-22 15:27 - 2018-12-22 15:27 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\PeerNetworking
2018-12-21 16:59 - 2018-12-21 16:59 - 000019970 _____ C:\Users\Moyete\Desktop\Addition.txt
2018-12-21 16:58 - 2018-12-23 13:47 - 000014041 _____ C:\Users\Moyete\Desktop\FRST.txt
2018-12-21 16:57 - 2018-12-23 13:47 - 000000000 ____D C:\FRST
2018-12-21 16:55 - 2018-12-23 13:47 - 001778176 _____ (Farbar) C:\Users\Moyete\Desktop\FRST.exe
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (4).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (3).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (2).IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS.IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (1).IFO
2018-12-21 09:56 - 2018-12-21 09:56 - 000008192 _____ C:\Users\Moyete\Downloads\VIDEO_TS.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000159744 _____ C:\Users\Moyete\Downloads\VTS_01_0.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000045056 _____ C:\Users\Moyete\Downloads\VTS_01_0.IFO
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
2018-12-12 21:28 - 2018-12-13 01:42 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-12-12 21:22 - 2018-12-12 22:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-12 20:51 - 2018-12-12 20:51 - 002378800 _____ (Kaspersky Lab) C:\Users\Moyete\Downloads\kfa18.0.0.405abes_13158.exe
2018-12-12 18:25 - 2018-12-12 18:25 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-12-12 18:18 - 2018-12-12 18:18 - 000000000 ____D C:\Program Files\Common Files\Java
2018-12-11 15:48 - 2018-12-11 15:49 - 000413977 _____ C:\Users\Moyete\Downloads\statement_807716624.pdf
2018-12-03 09:19 - 2018-12-03 09:19 - 000313992 _____ C:\Users\Moyete\Downloads\565820400418 (10).pdf
2018-11-23 10:30 - 2018-11-23 10:30 - 000038063 _____ C:\Users\Moyete\Downloads\SAT_20181123113051.pdf
2018-11-23 10:24 - 2018-11-23 10:24 - 000042572 _____ C:\Users\Moyete\Downloads\Acuse.384739458.AcusePdf.pdfraul vazquez oct 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-23 13:47 - 2017-05-15 13:53 - 000000000 ____D C:\Users\Moyete\AppData\LocalLow\Mozilla
2018-12-23 13:35 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-23 13:35 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-23 13:21 - 2010-11-20 18:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2018-12-23 13:21 - 2010-11-20 18:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2018-12-23 13:21 - 2010-11-20 15:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-23 13:21 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-12-23 13:16 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-22 20:54 - 2017-05-15 13:40 - 000112232 _____ C:\Users\Moyete\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-22 20:52 - 2009-07-13 22:33 - 000451448 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-22 20:50 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\system32\Setup
2018-12-22 20:50 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-12-22 20:49 - 2017-05-25 09:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-12-22 20:07 - 2009-07-13 20:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-22 20:02 - 2009-07-13 20:04 - 000000478 _____ C:\Windows\win.ini
2018-12-22 16:28 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-21 17:58 - 2017-05-15 13:35 - 000000000 ____D C:\Users\Moyete\AppData\Local\Microsoft Help
2018-12-21 15:47 - 2017-05-19 15:32 - 000000000 ____D C:\Users\Moyete\Documents\Fax
2018-12-21 15:47 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\ModemLogs
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-13 10:32 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-13 10:32 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-13 01:41 - 2017-05-15 14:06 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-12 19:27 - 2009-07-13 20:37 - 000000000 __RHD C:\Users\Public\Libraries
2018-12-12 18:26 - 2017-05-15 13:49 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\Program Files\Java
2018-12-12 18:16 - 2017-05-15 13:55 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-12-12 10:03 - 2017-05-15 14:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-11-29 09:38 - 2017-05-15 13:44 - 000000408 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-11-24 10:39 - 2018-03-26 10:37 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-24 10:39 - 2018-03-26 10:37 - 000002330 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-23 10:32 - 2017-05-19 11:10 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2018-12-22 15:27 - 2018-12-22 15:28 - 000024232 _____ () C:\Users\Moyete\AppData\Roaming\UserTile.png

Some files in TEMP:
====================
2018-12-12 18:13 - 2018-12-12 18:13 - 001892728 _____ (Oracle Corporation) C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 18:13

==================== End of FRST.txt ============================

#7

And Addition


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.12.2018
Ran by Moyete (23-12-2018 13:48:13)
Running from C:\Users\Moyete\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-05-15 19:31:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2713976509-1318226811-4177288055-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2713976509-1318226811-4177288055-1002 - Limited - Enabled)
Invitado (S-1-5-21-2713976509-1318226811-4177288055-501 - Limited - Disabled)
Moyete (S-1-5-21-2713976509-1318226811-4177288055-1000 - Administrator - Enabled) => C:\Users\Moyete

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CFDi Facturas (HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\d30ebcb45a9312ef) (Version: 1.0.4.4 - Todo CFDi)
Driver Easy 5.5.0 (HKLM\...\DriverEasy_is1) (Version: 5.5.0 - Easeware)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0 (x86 es-MX) (HKLM\...\Mozilla Firefox 64.0 (x86 es-MX)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Panda Devices Agent (HKLM\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{F34B4AEC-F6E5-4693-9B6E-6A47C61A724A}) (Version: 9.13.00 - Panda Security) Hidden
Panda Dome (HKLM\...\Panda Universal Agent Endpoint) (Version: 18.06.00.0000 - Panda Security)
Panda Safe Web (HKLM\...\pandasecuritytb) (Version: 4.3.1.30 - Panda Security and Visicom Media Inc.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6BA1F8-11A0-4348-B4D4-7E398390B97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {1CD747EC-49D6-45C2-A9B5-6035BAC327DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {30CD0020-5674-48EE-8D70-6F3716E8B9ED} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {3D405EB9-09B8-4346-99F6-179A0EEB76AD} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2017-03-23] (Easeware)
Task: {636C883C-1F19-4A9F-847A-BFE16C3990EE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {7831F38C-56C9-49B1-9B61-3A82F3F98D62} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2713976509-1318226811-4177288055-1000
Task: {795BFC48-4E9E-46AF-87F9-70AC28849477} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {7E3F0B22-9E85-4364-AAC0-15CF95970217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {E881D087-666D-4CD8-9E15-0DAC4075DF37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {F0C3AC62-6713-4D25-83BE-10933F43E46D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F3122ED4-DBEF-40E4-8B50-A9D3B48958B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-29] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-15 11:17 - 2015-12-15 11:17 - 000618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2018-12-22 17:58 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-06-24 05:27 - 2018-06-24 05:27 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2018-11-19 09:47 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moyete\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.9.84 - 10.2.9.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\startupreg: AvastBrowserAutoLaunch_51DE317F4156A4F62EAF8D68C5C6B832 => "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out] => (Block) %systemroot%\system32\svchost.exe (Microsoft Corporation)
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out] => (Block) %systemroot%\system32\svchost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{1F2C6811-E543-4ABC-B603-C6DBF13A91B8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [UDP Query User{5E7FDB12-7E28-4F95-B1FB-40CADBAAA98D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [{02761B83-91D3-4B40-B81C-076C2D5F3C98}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware)
FirewallRules: [{59AD589E-CED7-401B-B195-7D5D0D0ED87F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{E73F53FA-5D37-4B14-827F-C4BC9DD7D43F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DCD60EDA-8DBE-42F6-8807-14F62B51EF6A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{9589662F-BE9F-4FCD-96CD-C3E66332CD0F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{EDC22D9A-772A-4C49-A315-FC502F9C0331}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7D6983A7-C041-448C-A067-F81F57C38724}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BB65DC7D-83D3-48DA-B419-E9389715EA1A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
FirewallRules: [{61A57E11-E2D2-4CB3-A0AA-F703FF931B9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

12-12-2018 19:04:50 Punto de control programado
22-12-2018 18:01:45 Windows Update
22-12-2018 19:45:46 Windows Update
22-12-2018 21:08:43 Windows Update
22-12-2018 21:34:54 Windows Update
23-12-2018 13:21:29 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2018 01:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2018 08:53:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2018 08:49:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2018 07:17:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2018 07:01:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2018 01:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 03:31:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:25:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/22/2018 09:21:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Cola de impresión terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (12/22/2018 09:09:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Cola de impresión terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (12/22/2018 08:56:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80242016: 2017 (12) Paquete acumulativo de actualizaciones de calidad mensual de seguridad para Windows 7 para sistemas basados en x86 (KB4054518).

Error: (12/22/2018 07:42:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio LanmanServer.

Error: (12/22/2018 07:14:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (12/22/2018 07:14:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Panda Devices Agent terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 300000 milisegundos: Reiniciar el servicio.

Error: (12/22/2018 07:14:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/22/2018 06:58:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 3061.18 MB
Available physical RAM: 1933.78 MB
Total Virtual: 7659.55 MB
Available Virtual: 6370.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:424.59 GB) NTFS
Drive i: () (Removable) (Total:14.63 GB) (Free:2.28 GB) FAT32

\\?\Volume{15c7213a-39a5-11e7-a734-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BC705DC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14.6 GB) (Disk ID: 2476153F)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

Thanks


#8

Hello @CxW7Gab:

Two programs, Panda and Avast, appear in your reports. Which one is your antivirus?

Do the following:

Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Toolbar: HKLM - Panda Safe Web - {b60873b9-51aa-4566-b2fc-c16de2ec8bff} -  No File
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-12-22 15:27 - 2018-12-22 15:28 - 000024232 _____ () C:\Users\Moyete\AppData\Roaming\UserTile.png
2018-12-12 18:13 - 2018-12-12 18:13 - 001892728 _____ (Oracle Corporation) C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe
FirewallRules: [TCP Query User{1F2C6811-E543-4ABC-B603-C6DBF13A91B8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [UDP Query User{5E7FDB12-7E28-4F95-B1FB-40CADBAAA98D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how the computer is doing.

Regards.


#9

Hello: The antivirus is Panda.


#10

This is the Fixlog report

Fix result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Moyete (24-12-2018 16:47:48) Run:1
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713976509-1318226811-4177288055-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Toolbar: HKLM - Panda Safe Web - {b60873b9-51aa-4566-b2fc-c16de2ec8bff} -  No File
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-12-22 15:27 - 2018-12-22 15:28 - 000024232 _____ () C:\Users\Moyete\AppData\Roaming\UserTile.png
2018-12-12 18:13 - 2018-12-12 18:13 - 001892728 _____ (Oracle Corporation) C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe
FirewallRules: [TCP Query User{1F2C6811-E543-4ABC-B603-C6DBF13A91B8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [UDP Query User{5E7FDB12-7E28-4F95-B1FB-40CADBAAA98D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}\\DhcpNameServer" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully.
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully.
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{b60873b9-51aa-4566-b2fc-c16de2ec8bff}" => removed successfully.
HKLM\Software\Classes\CLSID\{b60873b9-51aa-4566-b2fc-c16de2ec8bff} => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad => removed successfully.
HKLM\System\CurrentControlSet\Services\panda_url_filteringd => removed successfully.
panda_url_filteringd => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
C:\Users\Moyete\AppData\Roaming\UserTile.png => moved successfully
C:\Users\Moyete\AppData\Local\Temp\jre-8u191-windows-au.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1F2C6811-E543-4ABC-B603-C6DBF13A91B8}C:\windows\kmsemulator.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5E7FDB12-7E28-4F95-B1FB-40CADBAAA98D}C:\windows\kmsemulator.exe" => removed successfully.

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::e151:7fe5:8a02:905%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {96792100-ACF9-4C00-81F9-5A46B94954FD}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33095315 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 30799560 B
Edge => 0 B
Chrome => 78336236 B
Firefox => 41192511 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29572571 B
LocalService => 66228 B
NetworkService => 10016 B
Moyete => 67906886 B

RecycleBin => 0 B
EmptyTemp: => 276 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:48:24 ====

#11

In Addition it comes out like this; I don't know if I ran the file wrong.

Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Moyete (24-12-2018 17:09:40)
Running from C:\Users\Moyete\Desktop
Boot Mode: Normal

================== Search Files: "addition" =============


====== End of Search ======

Thanks.

Checking Services, in the RPC Endpoint Mapper tab, I cannot modify the Administrator tab; I am sending an image.


#12

Hello:

It is perfect just as it is; you should not tamper with some services, since you can cause serious errors.

Endpoint Mapper.

For the purposes of client-server communications, we remind you that a single computer already forms a network with itself, which allows the different processes to communicate with each other.

Status: Automatic in all versions of Windows 7. In addition, this service cannot be disabled, nor can its startup type be changed.

As for the rest: 1.- Uninstall Avast with its dedicated tool:

2.- Reboot, run FRST again and bring a new report.

Regards.


#13

Hello: I am sending you the first Fixlog report

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.12.2018
Ran by Moyete (administrator) on MOYETE-PC (25-12-2018 16:50:58)
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-12] (Oracle Corporation)

FireFox:



#14

This is the Addition file

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Moyete (25-12-2018 16:52:07)
Running from C:\Users\Moyete\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-05-15 19:31:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2713976509-1318226811-4177288055-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2713976509-1318226811-4177288055-1002 - Limited - Enabled)
Invitado (S-1-5-21-2713976509-1318226811-4177288055-501 - Limited - Disabled)
Moyete (S-1-5-21-2713976509-1318226811-4177288055-1000 - Administrator - Enabled) => C:\Users\Moyete

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CFDi Facturas (HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\d30ebcb45a9312ef) (Version: 1.0.4.4 - Todo CFDi)
Driver Easy 5.5.0 (HKLM\...\DriverEasy_is1) (Version: 5.5.0 - Easeware)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0 (x86 es-MX) (HKLM\...\Mozilla Firefox 64.0 (x86 es-MX)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Panda Devices Agent (HKLM\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{F34B4AEC-F6E5-4693-9B6E-6A47C61A724A}) (Version: 9.13.00 - Panda Security) Hidden
Panda Dome (HKLM\...\Panda Universal Agent Endpoint) (Version: 18.06.00.0000 - Panda Security)
Panda Safe Web (HKLM\...\pandasecuritytb) (Version: 4.3.1.30 - Panda Security and Visicom Media Inc.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6BA1F8-11A0-4348-B4D4-7E398390B97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {1CD747EC-49D6-45C2-A9B5-6035BAC327DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {30CD0020-5674-48EE-8D70-6F3716E8B9ED} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {3D405EB9-09B8-4346-99F6-179A0EEB76AD} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2017-03-23] (Easeware)
Task: {636C883C-1F19-4A9F-847A-BFE16C3990EE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {7831F38C-56C9-49B1-9B61-3A82F3F98D62} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2713976509-1318226811-4177288055-1000
Task: {795BFC48-4E9E-46AF-87F9-70AC28849477} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {7E3F0B22-9E85-4364-AAC0-15CF95970217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {E881D087-666D-4CD8-9E15-0DAC4075DF37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-15] (Google Inc.)
Task: {F0C3AC62-6713-4D25-83BE-10933F43E46D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F3122ED4-DBEF-40E4-8B50-A9D3B48958B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-15 11:17 - 2015-12-15 11:17 - 000618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2018-12-22 17:58 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-06-24 05:27 - 2018-06-24 05:27 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2018-12-24 16:48 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moyete\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.9.84 - 10.2.9.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\startupreg: AvastBrowserAutoLaunch_51DE317F4156A4F62EAF8D68C5C6B832 => "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out] => (Block) %systemroot%\system32\svchost.exe (Microsoft Corporation)
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out] => (Block) %systemroot%\system32\svchost.exe (Microsoft Corporation)
FirewallRules: [{02761B83-91D3-4B40-B81C-076C2D5F3C98}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware)
FirewallRules: [{59AD589E-CED7-401B-B195-7D5D0D0ED87F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{E73F53FA-5D37-4B14-827F-C4BC9DD7D43F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DCD60EDA-8DBE-42F6-8807-14F62B51EF6A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{9589662F-BE9F-4FCD-96CD-C3E66332CD0F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{EDC22D9A-772A-4C49-A315-FC502F9C0331}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7D6983A7-C041-448C-A067-F81F57C38724}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BB65DC7D-83D3-48DA-B419-E9389715EA1A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
FirewallRules: [{61A57E11-E2D2-4CB3-A0AA-F703FF931B9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

22-12-2018 18:01:45 Windows Update
22-12-2018 19:45:46 Windows Update
22-12-2018 21:08:43 Windows Update
22-12-2018 21:34:54 Windows Update
23-12-2018 13:21:29 Windows Update
23-12-2018 16:52:06 Windows Update
24-12-2018 16:47:51 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2018 04:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/25/2018 04:37:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/25/2018 04:24:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/24/2018 09:34:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/24/2018 04:51:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/24/2018 04:47:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {c193d905-9cd0-4127-b7bc-2f0ea652cae8}

Error: (12/24/2018 04:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/23/2018 08:25:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/25/2018 04:41:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/25/2018 04:36:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 3061.18 MB
Available physical RAM: 2074.82 MB
Total Virtual: 7659.55 MB
Available Virtual: 6614 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:425 GB) NTFS

\\?\Volume{15c7213a-39a5-11e7-a734-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BC705DC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks.


#15

Hello @CxW7Gab:

Note that the FRST report came through incomplete; a piece of it is missing. :thinking:

Regards.


#16

Hi, I'm resending the FRST report.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.12.2018
Ran by Moyete (administrator) on MOYETE-PC (25-12-2018 16:50:58)
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.84 10.2.9.100
Tcpip\..\Interfaces\{5AD1119D-D7FA-43B3-8085-3D39E8DF931D}: [DhcpNameServer] 10.2.9.84 10.2.9.100

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-12] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 904qasv3.default
FF ProfilePath: C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default [2018-12-25]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Roaming\Mozilla\Firefox\Profiles\904qasv3.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2018-12-13]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default [2018-12-25]
CHR Extension: (Presentaciones) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2018-12-14]
CHR Extension: (Documentos) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-15]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-12-14]
CHR Extension: (YouTube) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-15]
CHR Extension: (No Name) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-12-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-09]
CHR Profile: C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S4 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] ()
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-25] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [108880 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [222424 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [132296 2017-11-03] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [147112 2017-11-03] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [83040 2017-09-18] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [128816 2017-11-03] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [84664 2017-11-03] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [140664 2017-11-03] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [329032 2017-11-03] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [226256 2017-11-03] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [127664 2017-11-03] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [275984 2017-11-03] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123416 2017-11-03] (Panda Security, S.L.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1363200 2017-05-15] (NXP Semiconductors Germany GmbH)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [162392 2017-11-08] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131160 2018-01-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [177240 2018-01-30] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2017-11-06] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144856 2017-11-07] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [119136 2017-11-06] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60592 2017-05-22] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-25 16:44 - 2018-12-25 16:44 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-25 16:35 - 2018-12-25 16:43 - 000159410 _____ C:\Windows\ntbtlog.txt
2018-12-25 16:35 - 2017-05-22 04:29 - 000060592 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-12-25 16:32 - 2018-12-25 16:33 - 010105016 _____ (AVAST Software) C:\Users\Moyete\Downloads\avastclear.exe
2018-12-24 17:09 - 2018-12-24 17:11 - 000000239 _____ C:\Users\Moyete\Desktop\Search.txt
2018-12-24 16:47 - 2018-12-24 16:48 - 000009257 _____ C:\Users\Moyete\Desktop\Fixlog.txt
2018-12-23 16:52 - 2018-12-23 18:08 - 000000000 ____D C:\b4335e464b9a53356f5b774dca
2018-12-23 13:47 - 2018-12-24 16:44 - 000000000 ____D C:\Users\Moyete\Desktop\FRST-OlderVersion
2018-12-23 13:42 - 2018-12-23 13:42 - 000000000 ____D C:\Users\Moyete\Documents\jobs 2018
2018-12-22 21:14 - 2018-12-22 21:14 - 127229528 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-12-22 21:09 - 2018-12-22 21:37 - 000000000 ____D C:\Windows\system32\MRT
2018-12-22 21:09 - 2018-12-22 21:35 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-22 19:54 - 2018-12-22 19:59 - 000000000 ____D C:\50ec2f89873eba945e
2018-12-22 19:22 - 2018-12-22 19:22 - 000001748 _____ C:\Users\Moyete\Desktop\ZHPCleaner.txt
2018-12-22 19:22 - 2018-12-22 19:22 - 000000832 _____ C:\Users\Moyete\Desktop\ZHPCleaner.lnk
2018-12-22 19:22 - 2018-12-22 19:22 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\ZHP
2018-12-22 19:22 - 2018-12-22 19:22 - 000000000 ____D C:\Users\Moyete\AppData\Local\ZHP
2018-12-22 18:58 - 2018-12-22 18:58 - 000002742 _____ C:\Users\Moyete\Desktop\AdwCleaner[S00].txt
2018-12-22 18:53 - 2018-11-10 19:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-22 18:53 - 2018-11-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-22 18:52 - 2018-12-05 20:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-22 18:52 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-22 18:52 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-22 18:52 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-22 18:52 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-22 18:52 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-22 18:52 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-12-22 18:52 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-22 18:52 - 2018-11-11 10:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-12-22 18:52 - 2018-11-11 10:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-22 18:52 - 2018-11-11 10:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-22 18:52 - 2018-11-11 10:49 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-22 18:52 - 2018-11-11 10:49 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-12-22 18:52 - 2018-11-11 10:49 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-22 18:52 - 2018-11-11 10:47 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-22 18:52 - 2018-11-11 10:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-22 18:52 - 2018-11-11 10:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-22 18:52 - 2018-11-11 10:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-22 18:52 - 2018-11-11 10:20 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-22 18:52 - 2018-11-11 10:20 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-22 18:52 - 2018-11-11 10:20 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-22 18:52 - 2018-11-11 10:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-22 18:52 - 2018-11-11 10:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-22 18:52 - 2018-11-11 10:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-22 18:52 - 2018-11-11 10:15 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-22 18:52 - 2018-11-11 10:14 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-22 18:52 - 2018-11-11 10:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-22 18:52 - 2018-11-11 10:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-22 18:52 - 2018-11-11 10:14 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-22 18:52 - 2018-11-11 10:13 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-22 18:52 - 2018-11-11 10:13 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-22 18:52 - 2018-11-10 19:11 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-22 18:52 - 2018-11-10 19:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-12-22 18:52 - 2018-11-10 18:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-12-22 18:52 - 2018-11-10 18:43 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-12-22 18:52 - 2018-11-08 10:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-22 18:52 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-22 18:52 - 2018-11-05 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-12-22 18:52 - 2018-10-26 21:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-12-22 18:52 - 2018-10-26 21:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-12-22 18:52 - 2018-10-26 21:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-12-22 18:52 - 2018-10-26 21:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-12-22 18:52 - 2018-10-26 21:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-12-22 18:52 - 2018-10-06 09:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-22 18:52 - 2018-10-06 09:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-22 18:52 - 2018-10-06 09:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-22 18:52 - 2018-10-06 09:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-22 18:52 - 2018-10-06 07:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-12-22 18:52 - 2018-09-22 20:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-12-22 18:52 - 2018-09-22 20:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-12-22 18:52 - 2018-09-22 20:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-12-22 18:52 - 2018-09-22 20:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-12-22 18:52 - 2018-09-22 20:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-12-22 18:52 - 2018-09-19 02:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-12-22 18:52 - 2018-09-08 18:46 - 001214152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-12-22 18:52 - 2018-09-08 18:46 - 000730824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-12-22 18:52 - 2018-09-08 18:46 - 000219336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-12-22 18:52 - 2018-09-08 18:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-12-22 18:52 - 2018-09-08 18:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-12-22 18:52 - 2018-08-31 09:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-12-22 18:52 - 2018-08-31 09:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-12-22 18:52 - 2018-08-29 19:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-12-22 18:52 - 2018-08-27 23:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-12-22 18:52 - 2018-08-27 21:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-12-22 18:52 - 2018-08-15 20:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-12-22 18:52 - 2018-08-13 15:48 - 000940784 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-12-22 18:52 - 2018-08-13 09:41 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-12-22 18:52 - 2018-08-13 09:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-12-22 18:52 - 2018-08-12 14:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-12-22 18:52 - 2018-08-12 14:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-12-22 18:52 - 2018-08-12 14:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-12-22 18:52 - 2018-08-12 14:17 - 000122536 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-12-22 18:52 - 2018-08-12 14:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-12-22 18:52 - 2018-08-12 14:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-12-22 18:52 - 2018-08-10 09:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-12-22 18:52 - 2018-08-10 09:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-12-22 18:52 - 2018-08-10 09:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-12-22 18:52 - 2018-08-10 09:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-12-22 18:52 - 2018-08-10 09:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-12-22 18:52 - 2018-08-08 09:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-12-22 18:52 - 2018-08-08 09:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-12-22 18:52 - 2018-08-03 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-12-22 18:52 - 2018-07-29 09:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-12-22 18:52 - 2018-07-18 09:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-12-22 18:52 - 2018-07-06 09:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-12-22 18:52 - 2018-06-29 09:40 - 000549376 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2018-12-22 18:52 - 2018-06-29 09:40 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2018-12-22 18:52 - 2018-06-29 09:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-12-22 18:52 - 2018-06-29 09:10 - 000389632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2018-12-22 18:52 - 2018-06-29 09:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-12-22 18:52 - 2018-06-27 09:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-12-22 18:52 - 2018-06-27 09:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-12-22 18:52 - 2018-06-27 09:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-12-22 18:52 - 2018-06-27 09:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-12-22 18:52 - 2018-06-27 09:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-12-22 18:52 - 2018-06-27 09:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-12-22 18:52 - 2018-06-08 09:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-12-22 18:52 - 2018-06-08 09:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-12-22 18:52 - 2018-06-08 09:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-12-22 18:52 - 2018-06-08 09:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-12-22 18:52 - 2018-05-30 07:04 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-12-22 18:52 - 2018-05-30 07:04 - 000410080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-12-22 18:52 - 2018-05-30 07:04 - 000374872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-12-22 18:52 - 2018-05-14 21:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-12-22 18:52 - 2018-05-14 21:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-12-22 18:52 - 2018-05-14 21:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-12-22 18:52 - 2018-05-14 21:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-12-22 18:52 - 2018-05-11 19:56 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-12-22 18:52 - 2018-05-11 19:56 - 000025984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-12-22 18:52 - 2018-05-11 19:56 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-12-22 18:52 - 2018-05-10 18:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-22 18:52 - 2018-05-10 18:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-12-22 18:52 - 2018-05-02 09:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-12-22 18:52 - 2018-05-02 09:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-12-22 18:52 - 2018-05-02 09:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-12-22 18:52 - 2018-04-26 07:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-12-22 18:52 - 2018-04-26 07:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-12-22 18:52 - 2018-04-25 09:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-12-22 18:52 - 2018-04-25 09:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-12-22 18:52 - 2018-04-22 17:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-12-22 18:52 - 2018-04-18 09:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-12-22 18:52 - 2018-04-18 09:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-12-22 18:52 - 2018-04-18 09:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-12-22 18:52 - 2018-04-10 10:34 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-12-22 18:52 - 2018-04-10 10:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-12-22 18:52 - 2018-04-10 10:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-12-22 18:52 - 2018-04-10 10:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-12-22 18:52 - 2018-04-10 09:52 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-12-22 18:52 - 2018-04-10 09:50 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-12-22 18:52 - 2018-04-10 09:50 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-12-22 18:52 - 2018-04-07 10:42 - 000250560 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-12-22 18:52 - 2018-03-14 11:16 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-12-22 18:52 - 2018-03-14 11:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-12-22 18:52 - 2018-03-14 11:10 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-12-22 18:52 - 2018-03-14 10:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-12-22 18:52 - 2018-03-14 10:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-12-22 18:52 - 2018-03-14 10:57 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-12-22 18:52 - 2018-03-06 12:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-12-22 18:52 - 2018-03-06 12:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-12-22 18:52 - 2018-03-06 12:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-12-22 18:52 - 2018-02-21 21:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-12-22 18:52 - 2018-02-10 12:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-12-22 18:52 - 2018-02-10 12:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-12-22 18:52 - 2018-02-10 12:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-12-22 18:52 - 2018-02-10 12:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-12-22 18:52 - 2018-02-10 12:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-12-22 18:52 - 2018-02-10 12:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-12-22 18:52 - 2018-02-10 12:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-12-22 18:52 - 2018-02-10 12:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-12-22 18:52 - 2018-02-10 12:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-12-22 18:52 - 2018-02-10 11:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-12-22 18:52 - 2018-02-10 11:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-12-22 18:52 - 2018-02-10 11:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-12-22 18:52 - 2018-02-10 11:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-12-22 18:52 - 2018-02-10 11:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-12-22 18:52 - 2018-01-12 10:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-12-22 18:52 - 2018-01-12 10:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-12-22 18:52 - 2018-01-11 10:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-12-22 18:52 - 2017-12-31 20:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-12-22 18:52 - 2017-12-31 19:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-12-22 18:52 - 2017-12-31 19:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-12-22 18:52 - 2017-12-31 19:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-12-22 18:52 - 2017-12-31 19:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-12-22 18:52 - 2017-12-31 19:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-12-22 18:52 - 2017-12-31 19:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-12-22 18:52 - 2017-12-31 19:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-12-22 18:52 - 2017-12-31 19:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-12-22 18:52 - 2017-12-31 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-12-22 18:52 - 2017-12-31 19:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-12-22 18:52 - 2017-12-31 19:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-12-22 18:52 - 2017-12-05 11:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-12-22 18:52 - 2017-12-05 11:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-12-22 18:52 - 2017-12-05 09:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-12-22 18:52 - 2017-12-05 09:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-12-22 18:52 - 2017-11-02 09:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-12-22 18:52 - 2017-11-02 08:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-12-22 18:52 - 2017-10-16 16:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-12-22 18:52 - 2017-10-11 18:14 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-12-22 18:49 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-22 18:49 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-22 18:49 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-22 18:49 - 2018-12-14 00:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-22 18:49 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-22 18:49 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-22 18:49 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-22 18:49 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-22 18:49 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-22 18:49 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-22 18:49 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-22 18:49 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-22 18:49 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-22 18:49 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-22 18:49 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-22 18:49 - 2018-12-14 00:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-22 18:49 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-22 18:49 - 2018-12-14 00:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-22 18:49 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-22 18:49 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-22 18:49 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-22 18:49 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-22 18:49 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-22 18:49 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-22 18:49 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-22 18:49 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-22 18:49 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-22 18:49 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-22 18:49 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-22 18:49 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-22 18:49 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-22 18:49 - 2018-12-14 00:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-22 18:49 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-22 18:49 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-22 18:49 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-22 18:49 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-12-22 18:48 - 2018-06-08 07:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-12-22 18:48 - 2018-06-08 07:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-12-22 18:43 - 2018-12-22 18:58 - 000000000 ____D C:\AdwCleaner
2018-12-22 18:42 - 2018-12-22 18:42 - 000001537 _____ C:\Users\Moyete\Desktop\malwarebytes.txt
2018-12-22 18:03 - 2018-12-10 16:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-22 17:58 - 2018-12-22 17:58 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-22 17:58 - 2018-12-22 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-22 17:58 - 2018-12-22 17:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-22 17:58 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-22 17:45 - 2018-12-22 17:47 - 081227760 _____ (Malwarebytes ) C:\Users\Moyete\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-22 15:58 - 2018-12-22 15:58 - 007320272 _____ (Malwarebytes) C:\Users\Moyete\Downloads\adwcleaner_7.2.6.0.exe
2018-12-22 15:58 - 2018-12-22 15:58 - 003297664 _____ C:\Users\Moyete\Downloads\ZHPCleaner.exe
2018-12-22 15:27 - 2018-12-22 15:27 - 000000000 ____D C:\Users\Moyete\AppData\Roaming\PeerNetworking
2018-12-21 16:59 - 2018-12-23 13:48 - 000021219 _____ C:\Users\Moyete\Desktop\Addition.txt
2018-12-21 16:58 - 2018-12-25 16:51 - 000012369 _____ C:\Users\Moyete\Desktop\FRST.txt
2018-12-21 16:57 - 2018-12-25 16:50 - 000000000 ____D C:\FRST
2018-12-21 16:55 - 2018-12-24 16:44 - 001779712 _____ (Farbar) C:\Users\Moyete\Desktop\FRST.exe
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (4).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (3).IFO
2018-12-21 10:04 - 2018-12-21 10:04 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (2).IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS.IFO
2018-12-21 10:03 - 2018-12-21 10:03 - 000018432 _____ C:\Users\Moyete\Downloads\VIDEO_TS (1).IFO
2018-12-21 09:56 - 2018-12-21 09:56 - 000008192 _____ C:\Users\Moyete\Downloads\VIDEO_TS.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000159744 _____ C:\Users\Moyete\Downloads\VTS_01_0.VOB
2018-12-21 09:54 - 2018-12-21 09:54 - 000045056 _____ C:\Users\Moyete\Downloads\VTS_01_0.IFO
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
2018-12-12 21:28 - 2018-12-13 01:42 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-12-12 21:22 - 2018-12-12 22:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-12 20:51 - 2018-12-12 20:51 - 002378800 _____ (Kaspersky Lab) C:\Users\Moyete\Downloads\kfa18.0.0.405abes_13158.exe
2018-12-12 18:25 - 2018-12-12 18:25 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-12-12 18:18 - 2018-12-12 18:18 - 000000000 ____D C:\Program Files\Common Files\Java
2018-12-11 15:48 - 2018-12-11 15:49 - 000413977 _____ C:\Users\Moyete\Downloads\statement_807716624.pdf
2018-12-03 09:19 - 2018-12-03 09:19 - 000313992 _____ C:\Users\Moyete\Downloads\565820400418 (10).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-25 16:50 - 2017-05-15 13:53 - 000000000 ____D C:\Users\Moyete\AppData\LocalLow\Mozilla
2018-12-25 16:44 - 2017-10-24 09:57 - 000000000 ____D C:\Program Files\Common Files\avast software
2018-12-25 16:44 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-25 16:44 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-25 16:44 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-25 16:34 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-25 16:34 - 2009-07-13 22:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-25 16:23 - 2009-07-13 22:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-23 16:53 - 2010-11-20 18:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2018-12-23 16:53 - 2010-11-20 18:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2018-12-23 16:53 - 2010-11-20 15:01 - 001650540 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-23 16:53 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-12-22 20:54 - 2017-05-15 13:40 - 000112232 _____ C:\Users\Moyete\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-22 20:52 - 2009-07-13 22:33 - 000451448 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-22 20:50 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\system32\Setup
2018-12-22 20:50 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-12-22 20:49 - 2017-05-25 09:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-12-22 20:07 - 2009-07-13 20:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-22 20:02 - 2009-07-13 20:04 - 000000478 _____ C:\Windows\win.ini
2018-12-22 16:28 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-21 17:58 - 2017-05-15 13:35 - 000000000 ____D C:\Users\Moyete\AppData\Local\Microsoft Help
2018-12-21 15:47 - 2017-05-19 15:32 - 000000000 ____D C:\Users\Moyete\Documents\Fax
2018-12-21 15:47 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\ModemLogs
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-14 17:25 - 2017-05-15 13:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-13 01:41 - 2017-05-15 14:06 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-12 19:27 - 2009-07-13 20:37 - 000000000 __RHD C:\Users\Public\Libraries
2018-12-12 18:26 - 2017-05-15 13:49 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-12 18:25 - 2017-05-15 13:55 - 000000000 ____D C:\Program Files\Java
2018-12-12 18:16 - 2017-05-15 13:55 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-12-12 10:03 - 2017-05-15 14:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-11-29 09:38 - 2017-05-15 13:44 - 000000408 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 18:13

==================== End of FRST.txt ============================

Thank you, and sorry for the incomplete submission.


#17

Hello @CxW7Gab;

The computer is clean; only a lot of Avast leftovers remained… :scream:

Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it and choose “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Start your computer in >>> Safe Mode

Then go to:

Start >>> Run >>> Type notepad.exe, or open a new Notepad file, and copy and paste the following:

Start
CloseProcesses:
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
C:\Program Files\AVAST Software
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
CHR Extension: (No Name) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
S4 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S4 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
2018-12-25 16:44 - 2017-10-24 09:57 - 000000000 ____D C:\Program Files\Common Files\avast software
2018-12-25 16:44 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-25 16:44 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Task: {30CD0020-5674-48EE-8D70-6F3716E8B9ED} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {636C883C-1F19-4A9F-847A-BFE16C3990EE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {F0C3AC62-6713-4D25-83BE-10933F43E46D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F3122ED4-DBEF-40E4-8B50-A9D3B48958B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\startupreg: AvastBrowserAutoLaunch_51DE317F4156A4F62EAF8D68C5C6B832 => "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{7D6983A7-C041-448C-A067-F81F57C38724}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BB65DC7D-83D3-48DA-B419-E9389715EA1A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
2018-12-23 16:52 - 2018-12-23 18:08 - 000000000 ____D C:\b4335e464b9a53356f5b774dca
2018-12-22 19:54 - 2018-12-22 19:59 - 000000000 ____D C:\50ec2f89873eba945e
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe/Frst64.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe or Frst64.exe, as appropriate.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Restart and paste it in your next reply.

Let us know…

Regards


#18

Hello: I'm sending you the latest report

Fix result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Moyete (27-12-2018 17:29:28) Run:2
Running from C:\Users\Moyete\Desktop
Loaded Profiles: Moyete (Available Profiles: Moyete)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CloseProcesses:
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
C:\Program Files\AVAST Software
HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
CHR Extension: (No Name) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05]
S4 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S4 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
2018-12-25 16:44 - 2017-10-24 09:57 - 000000000 ____D C:\Program Files\Common Files\avast software
2018-12-25 16:44 - 2017-05-15 14:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-25 16:44 - 2017-05-15 14:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-12 22:25 - 2017-12-13 21:23 - 000000000 ____D C:\Users\Moyete\AppData\Local\AVAST Software
2018-12-09 15:10 - 2018-11-04 15:48 - 000000000 ____D C:\Users\Moyete\AppData\Local\ESET
2018-12-13 10:39 - 2018-12-13 10:39 - 000000000 ____D C:\KVRT_Data
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Task: {30CD0020-5674-48EE-8D70-6F3716E8B9ED} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {636C883C-1F19-4A9F-847A-BFE16C3990EE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {F0C3AC62-6713-4D25-83BE-10933F43E46D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F3122ED4-DBEF-40E4-8B50-A9D3B48958B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\startupreg: AvastBrowserAutoLaunch_51DE317F4156A4F62EAF8D68C5C6B832 => "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{7D6983A7-C041-448C-A067-F81F57C38724}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BB65DC7D-83D3-48DA-B419-E9389715EA1A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
2018-12-23 16:52 - 2018-12-23 18:08 - 000000000 ____D C:\b4335e464b9a53356f5b774dca
2018-12-22 19:54 - 2018-12-22 19:59 - 000000000 ____D C:\50ec2f89873eba945e
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe => No running process found
C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe => No running process found
C:\Program Files\AVAST Software => moved successfully
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => removed successfully.
CHR Extension: (No Name) - C:\Users\Moyete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2018-11-05] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\avast => removed successfully.
avast => service removed successfully.
HKLM\System\CurrentControlSet\Services\avastm => removed successfully.
avastm => service removed successfully.
C:\Program Files\Common Files\avast software => moved successfully
"C:\Program Files\AVAST Software" => not found
C:\ProgramData\AVAST Software => moved successfully
C:\Users\Moyete\AppData\Local\AVAST Software => moved successfully
C:\Users\Moyete\AppData\Local\ESET => moved successfully
C:\KVRT_Data => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30CD0020-5674-48EE-8D70-6F3716E8B9ED}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30CD0020-5674-48EE-8D70-6F3716E8B9ED}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{636C883C-1F19-4A9F-847A-BFE16C3990EE}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636C883C-1F19-4A9F-847A-BFE16C3990EE}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F0C3AC62-6713-4D25-83BE-10933F43E46D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0C3AC62-6713-4D25-83BE-10933F43E46D}" => removed successfully.
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F3122ED4-DBEF-40E4-8B50-A9D3B48958B5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3122ED4-DBEF-40E4-8B50-A9D3B48958B5}" => removed successfully.
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avast => removed successfully.
HKLM\System\CurrentControlSet\Services\avast => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avastm => removed successfully.
HKLM\System\CurrentControlSet\Services\avastm => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvastBrowserAutoLaunch_51DE317F4156A4F62EAF8D68C5C6B832 => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D6983A7-C041-448C-A067-F81F57C38724}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88F4693B-5825-4125-9F7C-8CF5DA5AB5BC}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB65DC7D-83D3-48DA-B419-E9389715EA1A}" => removed successfully.
C:\b4335e464b9a53356f5b774dca => moved successfully
C:\50ec2f89873eba945e => moved successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-2713976509-1318226811-4177288055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12481810 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7757 B
Edge => 0 B
Chrome => 10131292 B
Firefox => 50722162 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
Moyete => 394317 B

RecycleBin => 0 B
EmptyTemp: => 70.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:29:49 ====

Thanks, regards


#19

Hello @CxW7Gab

To remove the tools used:

Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”)
  • Check the Remove disinfection tools and Purge System Restore boxes.
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Let us know whether everything is in order so we can mark the topic as Solved.

Regards.