Unable to remove Win32:KillAV-MZ [Trj]

Well, I never get infected, and since this afternoon I have been getting AVG alerts saying it removes that virus, but apparently it is infecting other files; there are 240 threats so far. I am attaching some screenshots of what it infects. I ran Malwarebytes and it detects nothing; I ran a scan with AVG and it detects nothing; I checked the running processes and see nothing strange. The PC works normally (although it sometimes gets slow, it does not freeze). I cleaned the registry, recycle bin, etc.; after the scans I rebooted and the AVG alert keeps appearing. I checked the browsers and none of them shows strange behavior; there are no extensions installed beyond the ones I use, such as a pop-up blocker and AdGuard. I have not installed any program recently; the only thing I download daily is some very light Excel and PDF files from my English classes.

Hello @augusto87

This is a bit odd. AVG itself detects it, but nope. :thinking:

Do you recognize that file AVG is detecting, which seems to be related to Euro Truck Simulator 2?

Do the following:

1.- Temporarily disable your antivirus and any security software.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32-bit or 64-bit?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We will wait for those reports.

Regards

Hello, thanks for replying. Yes, I know which file that is, but not all of them come from that folder; it is just that I cannot paste more screenshots because there would be too many.

It is going to take me a while to paste the report you ask for, since last night I scanned again with Malwarebytes, this time selecting a custom scan, and it has been scanning for 10 hours already. Does it take that long? I checked that it was not frozen, and there are 4 detections so far, 3 of them with that virus's name.

When it finishes I will paste the FRST report.

Hello @augusto87

Yes, it is normal for Malwarebytes to take a while, since it depends on the size of your disk and the amount of data you have on it.

When it finishes, remove everything it detected, reboot, bring us the report it generates, and then continue with the FRST steps.

Regards

Hello good morning

Detections 2, 3 and 4 were found in the folder of a free game; I have been playing it for years and never had virus problems, that is, it has nothing to do with pirated patch downloads. Auyantepuy and Roraima are the nicks.

Malwarebytes report

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 1/9/19
Hora del análisis: 22:37
Archivo de registro: a335b700-cd2a-11e9-83f1-8c89a5e82693.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.519
Versión del paquete de actualización: 1.0.12283
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17763.678)
CPU: x64
Sistema de archivos: NTFS
Usuario: LOPEZITO\Augusto Andre

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 585448
Amenazas detectadas: 5
Amenazas en cuarentena: 0
Tiempo transcurrido: 25 hr, 2 min, 10 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
Trojan.KillAV, C:\$RECYCLE.BIN\S-1-5-21-1124901766-671737835-1974679833-1001\$RH1JI0S.TMP, Sin acciones por parte del usuario, [4283], [273887],1.0.12283
Trojan.KillAV, C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\AUYANTEPUY\AUYANTEPUY.BAT, Sin acciones por parte del usuario, [4283], [273887],1.0.12283
Trojan.KillAV, C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\RORAIMA\RORAIMA.EXE, Sin acciones por parte del usuario, [4283], [273887],1.0.12283
Trojan.KillAV, C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\OF ARCADIA.BAT, Sin acciones por parte del usuario, [4283], [273887],1.0.12283
CrackTool.Agent, E:\PROGRAMAS\WC 365 PRO 5.2.8 BUILD 527 - YTD\WC 365 PRO 5.2.8 BUILD 527 - YTD\WCPA\ACTIVATOR.EXE, Sin acciones por parte del usuario, [6049], [599010],1.0.12283

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner report


# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-01-2019
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit
Deleted       HKLM\Software\Wow6432Node\\Microsoft\MediaPlayer\ShimInclusionList\browser.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1500 octets] - [01/09/2019 22:27:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST report


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by Augusto Andre (administrator) on LOPEZITO (MSI MS-7808) (03-09-2019 06:46:22)
Running from C:\Users\Augusto Andre\Desktop
Loaded Profiles: Augusto Andre (Available Profiles: defaultuser0 & Augusto Andre)
Platform: Windows 10 Pro Version 1809 17763.678 (X64) Language: Español (España, internacional)
Default browser: "C:\Users\Augusto Andre\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316336 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CEDDE3-CA6B-4FE4-AEC7-3E0F431548EB} - no filepath
Task: {17C601FE-0FF0-44B3-8040-1AC1A97F4022} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2EF66C10-6F80-4544-A3BA-71E5433881E0} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {38E83A6C-5213-4ADA-BC8F-E6F1CF7C3B3F} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-4SU9POI-Augusto Andre => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4FD51501-2E22-4FAA-888D-F0E2A6831809} - no filepath
Task: {7A85FC77-B882-4190-8A97-71A0F8F6B9D6} - no filepath
Task: {8D864507-BD9D-4BD8-B482-D44C6BE8AC23} - no filepath
Task: {B4EC0B50-AC2F-4D0C-86C9-ED21058FCBEB} - System32\Tasks\Apagado => C:\Windows\System32\shutdown.exe [26624 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {D777C0F1-643E-443D-8507-09C36259E96C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-21] (Google Inc -> Google Inc.)
Task: {D8B1F030-C68D-4F5E-AFA9-1BFE5A69E048} - no filepath
Task: {F0EE770A-132D-4AB1-973A-A72C9FB23BAF} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3990448 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {FF0FB2B6-158E-4710-BF5F-1E8411CB3E69} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2077616 2019-08-19] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{74684534-3d2e-4600-a1ac-c06459e192f1}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{74684534-3d2e-4600-a1ac-c06459e192f1}: [DhcpNameServer] 200.44.32.12 200.109.78.12

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-23] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-23] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: plt082wc.default
FF ProfilePath: C:\Users\Augusto Andre\AppData\Roaming\Mozilla\Firefox\Profiles\plt082wc.default [2019-09-01]
FF HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-06-23] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Augusto Andre\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Augusto Andre\AppData\Roaming\IDM\idmmzcc5 [2019-05-23] [Legacy] [not signed]
FF HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [405120 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6023528 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110048 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-08-31] (BattlEye Innovations e.K. -> )
S3 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
S3 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85296 2019-06-01] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [17442456 2019-06-24] (Mail.Ru LLC -> LLC Mail.Ru)
S3 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2016-12-08] (Nitro Software, Inc. -> Nitro Software, Inc.)
S3 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2016-12-08] (Nitro Software, Inc. -> )
S3 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [71880 2016-12-08] (Nitro Software, Inc. -> Nalpeiron Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5356848 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [658600 2017-07-06] (Lespeed Technology Ltd. -> WiseCleaner.com)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [209816 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [263784 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [206624 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61736 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [169672 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112576 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88200 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1031048 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [478144 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [387440 2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
S0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-09-01] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16678400 2019-06-24] (Mail.Ru LLC -> LLC Mail.Ru)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-09-15] (Microsoft Windows -> MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [337632 2019-06-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-22] (Microsoft Windows -> Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [33864 2018-02-17] (Beijing Lang Xingda Network Technology Co., Ltd -> wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [51272 2018-04-23] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-03 06:46 - 2019-09-03 06:48 - 000014775 _____ C:\Users\Augusto Andre\Desktop\FRST.txt
2019-09-03 06:46 - 2019-09-03 06:46 - 000000000 ____D C:\FRST
2019-09-03 06:44 - 2019-09-03 06:44 - 001615360 _____ (Farbar) C:\Users\Augusto Andre\Desktop\FRST64.exe
2019-09-03 06:27 - 2019-09-03 06:27 - 000002314 _____ C:\Users\Augusto Andre\Desktop\resultados malware.txt
2019-09-01 22:36 - 2019-09-01 22:36 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-09-01 22:24 - 2019-09-01 22:28 - 000000000 ____D C:\AdwCleaner
2019-09-01 21:38 - 2019-09-01 21:40 - 005065376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-09-01 15:06 - 2019-09-01 15:06 - 000363952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-09-01 15:06 - 2019-09-01 15:06 - 000236288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-09-01 15:06 - 2019-09-01 15:06 - 000169672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-08-31 16:45 - 2019-09-01 13:01 - 000000000 ____D C:\Users\Augusto Andre\Desktop\100CANON
2019-08-28 16:34 - 2019-08-28 16:36 - 000000000 ____D C:\Users\Augusto Andre\Desktop\Clases de Frances
2019-08-28 15:41 - 2019-08-28 15:41 - 000004096 ____H C:\Users\Augusto Andre\AppData\Local\keyfile3.drm
2019-08-24 21:41 - 2019-08-24 21:41 - 000000862 _____ C:\Users\Augusto Andre\Desktop\Clases de Ingles con Pacho - Acceso directo.lnk
2019-08-15 19:57 - 2019-08-15 20:06 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-08-15 19:57 - 2019-08-15 20:06 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-08-15 19:57 - 2019-08-15 20:06 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-08-15 19:57 - 2019-08-15 20:06 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-08-15 19:57 - 2019-08-15 20:05 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-08-15 19:57 - 2019-08-15 20:05 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-08-15 19:56 - 2019-08-15 20:06 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-08-15 19:56 - 2019-08-15 20:06 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-08-15 19:56 - 2019-08-15 20:05 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-08-15 19:56 - 2019-08-15 20:05 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-08-14 21:17 - 2019-08-14 21:17 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-08-14 21:17 - 2019-08-14 21:17 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-08-14 21:17 - 2019-08-14 21:17 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 21:17 - 2019-08-14 21:17 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 21:17 - 2019-08-14 21:17 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 023453696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 020816896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 019011584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 012939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 012244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 007871488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 006544552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 006308016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 005587968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002278792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002177336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-08-14 21:16 - 2019-08-14 21:16 - 002017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-08-14 21:16 - 2019-08-14 21:16 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001477432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001465984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001222160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000806024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000763392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 21:16 - 2019-08-14 21:16 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-08-14 21:16 - 2019-08-14 21:16 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-08-14 21:16 - 2019-08-14 21:16 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000173216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-08-14 21:16 - 2019-08-14 21:16 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-08-14 21:16 - 2019-08-14 21:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000114128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000092832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 21:16 - 2019-08-14 21:16 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-14 21:16 - 2019-08-14 21:16 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 21:16 - 2019-08-14 21:16 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 005570968 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 004351656 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 003818632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 003333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 002842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002700792 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002438576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 002073232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 001733120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 21:15 - 2019-08-14 21:15 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001479184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001472568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001466880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 21:15 - 2019-08-14 21:15 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001180464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000864568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000783184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000678680 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000586256 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000515440 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000398928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingDiagSpp.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000262336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000200504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 21:15 - 2019-08-14 21:15 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-08-14 21:15 - 2019-08-14 21:15 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 21:15 - 2019-08-14 21:15 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 003335224 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 002767160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 002593544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001260560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 21:14 - 2019-08-14 21:14 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001020416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000850976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000831288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000799784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000794040 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000732168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 21:14 - 2019-08-14 21:14 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000649528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000603280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000508968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000449576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000375752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000278624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000193040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000189712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-08-14 21:14 - 2019-08-14 21:14 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiskSnapshot.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 21:14 - 2019-08-14 21:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-08-14 21:14 - 2019-08-14 21:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-08-14 21:13 - 2019-08-14 21:13 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 002022096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 001662264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 001294488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 21:13 - 2019-08-14 21:13 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 21:13 - 2019-08-14 21:13 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 000248120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000125016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 21:13 - 2019-08-14 21:13 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-14 21:13 - 2019-08-14 21:13 - 000087056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000032784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2019-08-14 21:13 - 2019-08-14 21:13 - 000032568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-08 20:36 - 2019-08-24 16:19 - 000000000 ____D C:\Users\Augusto Andre\Desktop\CARNET FRONTERIZO
2019-08-07 22:22 - 2019-08-11 17:02 - 000001462 _____ C:\Users\Augusto Andre\Desktop\APAGAR.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-03 06:45 - 2017-07-28 17:26 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\DMCache
2019-09-03 06:33 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-03 06:32 - 2019-02-16 15:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-03 06:31 - 2019-02-16 15:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-03 00:07 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-02 23:41 - 2017-09-16 13:39 - 000000000 ____D C:\Users\Augusto Andre\Documents\Chronicles of Arcadia
2019-09-02 23:36 - 2017-10-26 20:52 - 000000000 ____D C:\Users\Augusto Andre\Documents\Adobe Scripts
2019-09-02 23:23 - 2017-07-28 17:47 - 000000000 ____D C:\Users\Augusto Andre\Documents\Adobe
2019-09-02 18:13 - 2019-05-03 23:17 - 000000000 ____D C:\Users\Augusto Andre\Documents\Wondershare Filmora 9
2019-09-02 17:54 - 2017-07-28 18:27 - 000000000 ___HD C:\Users\Augusto Andre\Documents\Runes of Magic
2019-09-02 17:50 - 2018-03-25 12:22 - 000000000 ____D C:\Users\Augusto Andre\Documents\Proyectos de Visual FoxPro
2019-09-02 17:38 - 2019-03-30 17:20 - 000000000 ____D C:\Users\Augusto Andre\Documents\OFX Presets
2019-09-02 17:33 - 2019-01-21 16:52 - 000000000 ____D C:\Users\Augusto Andre\Documents\My ISO Files
2019-09-02 17:28 - 2019-06-13 13:27 - 000000000 ____D C:\Users\Augusto Andre\Documents\Multiboot Cache
2019-09-02 17:23 - 2018-11-04 00:16 - 000000000 ____D C:\Users\Augusto Andre\Documents\Grabaciones de sonido
2019-09-02 17:03 - 2019-07-01 14:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-09-02 17:03 - 2019-06-22 21:02 - 000003044 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-09-02 17:03 - 2019-02-16 16:07 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1124901766-671737835-1974679833-1001
2019-09-02 17:03 - 2019-02-16 15:53 - 000003548 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-09-02 17:03 - 2019-02-16 15:53 - 000002788 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-4SU9POI-Augusto Andre
2019-09-02 17:03 - 2019-02-16 15:53 - 000002764 _____ C:\WINDOWS\System32\Tasks\[email protected]
2019-09-02 17:03 - 2019-02-16 15:53 - 000002268 _____ C:\WINDOWS\System32\Tasks\Apagado
2019-09-02 10:40 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-01 22:49 - 2018-01-31 19:13 - 000000000 ____D C:\Users\Augusto Andre\Desktop\Notas
2019-09-01 22:29 - 2018-09-15 02:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-09-01 22:20 - 2017-07-28 17:26 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\IDM
2019-09-01 21:36 - 2019-02-16 15:13 - 000000000 ____D C:\Users\Augusto Andre
2019-09-01 21:36 - 2017-07-28 19:46 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\Wise Care 365
2019-09-01 21:34 - 2019-07-19 14:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-01 21:28 - 2018-07-07 09:23 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\MPC-HC
2019-09-01 21:28 - 2018-03-10 23:15 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\BitTorrent
2019-09-01 21:28 - 2017-11-18 13:34 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\TeamViewer
2019-09-01 21:27 - 2019-06-29 18:48 - 000000000 ____D C:\Users\Augusto Andre\AppData\Local\CrashDumps
2019-09-01 21:27 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-09-01 15:07 - 2019-06-22 21:02 - 000478144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 001031048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000387440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000209816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000112576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000088200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-09-01 15:06 - 2019-06-22 21:02 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-09-01 15:06 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-01 15:05 - 2019-06-22 21:02 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-09-01 15:05 - 2019-06-22 21:02 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-09-01 15:05 - 2019-06-22 21:02 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-08-31 19:28 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-31 19:12 - 2019-05-03 23:17 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2019-08-31 00:47 - 2019-02-17 14:18 - 000001244 _____ C:\Users\Augusto Andre\Desktop\multimedia.txt
2019-08-28 12:44 - 2018-05-22 22:18 - 000000000 ____D C:\Users\Augusto Andre\AppData\LocalLow\Mozilla
2019-08-25 22:23 - 2019-04-19 01:00 - 000000000 ____D C:\Users\Augusto Andre\AppData\Roaming\CC
2019-08-25 22:21 - 2019-04-19 00:51 - 000000000 ____D C:\Creative Destruction
2019-08-24 16:17 - 2019-06-16 15:08 - 000000000 ____D C:\Users\Augusto Andre\Downloads\Series
2019-08-24 16:17 - 2017-07-28 17:26 - 000000000 ____D C:\Users\Augusto Andre\Downloads\Compressed
2019-08-24 16:16 - 2017-07-28 17:26 - 000000000 ____D C:\Users\Augusto Andre\Downloads\Video
2019-08-23 23:50 - 2017-07-28 10:29 - 000000000 ____D C:\Users\Augusto Andre\AppData\Local\ElevatedDiagnostics
2019-08-19 14:24 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-17 17:49 - 2019-02-16 15:29 - 001773362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-17 17:49 - 2018-09-15 12:37 - 000788392 _____ C:\WINDOWS\system32\perfh00A.dat
2019-08-17 17:49 - 2018-09-15 12:37 - 000155682 _____ C:\WINDOWS\system32\perfc00A.dat
2019-08-17 17:47 - 2017-12-07 08:58 - 000000000 ___RD C:\Users\Augusto Andre\3D Objects
2019-08-17 17:47 - 2017-07-28 03:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-17 17:38 - 2018-09-15 12:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-17 17:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 21:25 - 2017-07-28 11:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 21:22 - 2017-07-28 11:12 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-11 17:02 - 2019-08-01 21:48 - 000001100 _____ C:\Users\Augusto Andre\Desktop\TeamViewer 13.lnk
2019-08-11 17:02 - 2018-09-02 17:11 - 000001037 _____ C:\Users\Augusto Andre\Desktop\Firefox.lnk
2019-08-11 17:02 - 2018-02-15 22:26 - 000002117 _____ C:\Users\Augusto Andre\Desktop\Volumen.lnk
2019-08-09 19:10 - 2019-02-16 15:13 - 000002459 _____ C:\Users\Augusto Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 19:10 - 2017-07-28 03:39 - 000000000 ___RD C:\Users\Augusto Andre\OneDrive
2019-08-09 17:01 - 2018-10-06 15:20 - 000001956 _____ C:\Users\Augusto Andre\Desktop\UsbFix Anti-Malware.lnk
2019-08-09 17:01 - 2018-02-14 23:38 - 000002408 _____ C:\Users\Augusto Andre\Desktop\Vivaldi.lnk
2019-08-09 17:01 - 2017-10-07 19:15 - 000001853 _____ C:\Users\Augusto Andre\Desktop\Adobe Audition CS6 - Acceso directo.lnk
2019-08-09 17:01 - 2017-09-09 20:40 - 000001412 _____ C:\Users\Augusto Andre\Desktop\Adobe After Effects CS6.lnk
2019-08-09 17:01 - 2017-09-02 20:29 - 000001152 _____ C:\Users\Augusto Andre\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2019-08-09 17:01 - 2017-08-02 18:44 - 000000671 _____ C:\Users\Augusto Andre\Desktop\PhotoFiltre Studio X.lnk
2019-08-08 17:47 - 2018-02-23 21:53 - 000001040 _____ C:\Users\Augusto Andre\Desktop\Nuevo documento de texto.txt
2019-08-07 21:44 - 2017-08-13 19:06 - 000000000 ___RD C:\Users\Augusto Andre\Desktop\Papa
2019-08-07 21:23 - 2017-10-17 21:59 - 000000000 ___RD C:\Users\Augusto Andre\Desktop\Zulay

==================== Files in the root of some directories ================

2018-01-01 19:21 - 2018-01-01 19:32 - 000000132 _____ () C:\Users\Augusto Andre\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2019-08-28 15:41 - 2019-08-28 15:41 - 000004096 ____H () C:\Users\Augusto Andre\AppData\Local\keyfile3.drm
2017-12-31 22:06 - 2017-12-31 22:06 - 000000001 _____ () C:\Users\Augusto Andre\AppData\Local\llftool.4.40.agreement
2018-12-27 15:22 - 2018-12-27 15:22 - 000001625 _____ () C:\Users\Augusto Andre\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional FRST report

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Augusto Andre (03-09-2019 06:49:30)
Running from C:\Users\Augusto Andre\Desktop
Windows 10 Pro Version 1809 17763.678 (X64) (2019-02-16 19:56:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1124901766-671737835-1974679833-500 - Administrator - Disabled)
Augusto Andre (S-1-5-21-1124901766-671737835-1974679833-1001 - Administrator - Enabled) => C:\Users\Augusto Andre
DefaultAccount (S-1-5-21-1124901766-671737835-1974679833-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1124901766-671737835-1974679833-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-1124901766-671737835-1974679833-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1124901766-671737835-1974679833-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{DFA3D010-7486-49A4-B926-DE6D5CCCD7BA}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{2017B6D6-D85A-4492-83D8-86ADAD606350}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{E4638990-BE6C-4DFF-A855-8E1B0DEA8E4C}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{F9A821EA-7DB9-4610-B0CC-9A6C259A388B}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E8178AD9-8146-4752-A006-A972CB9EDB8E}) (Version:  - Microsoft)
adobe (HKLM\...\{CB1807B2-D1EF-473F-BA95-8641F057B855}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
Adobe Muse CC 2017 (HKLM-x32\...\MUSE_2017_0_0) (Version: 2017.0.0.149 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Arcadia Runes of Magic (HKLM-x32\...\{0BD4493E-5DC6-4899-A8EE-CAB7E7CFEE68}) (Version: 9.5.4.1304 - Stary3D Interactive) Hidden
Arcadia Runes of Magic (HKLM-x32\...\Arcadia Runes of Magic 9.5.4.1304) (Version: 9.5.4.1304 - Stary3D Interactive)
Atom (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\BitTorrent) (Version: 7.10.5.45272 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boris Continuum Complete 9 OFX for Sony (64-Bit) (HKLM\...\{3DF67BF0-17E8-4537-951C-758102AB87F7}) (Version: 9.0.2005 - Boris FX, Inc.)
Brackets (HKLM-x32\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io)
CPUID CPU-Z 1.89 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.89 - CPUID, Inc.)
Creative Destruction version 3.0.102 (HKLM-x32\...\{24904964-4247-4EBE-BC79-21D7FF68C6A0}_is1) (Version: 3.0.102 - My Company, Inc.)
CrystalDiskInfo 7.0.5 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Discord (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Metin2 (HKLM-x32\...\Metin2_ES_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6416.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual FoxPro 9.0 Professional - English (HKLM-x32\...\Visual FoxPro 9.0 Professional - English) (Version:  - Microsoft)
Mozilla Firefox 68.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 68.0.1 (x64 es-ES)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Nitro Pro (HKLM\...\{9651FF7E-0DB1-4388-ADE7-017E4B9C9D47}) (Version: 11.0.3.134 - Nitro)
Paquete de controladores de Windows - Leaf Imaging Ltd. Image  (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Paquete de controladores de Windows - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Paquete de controladores de Windows - Phase One A/S (WinUSB) USBDevice  (09/18/2017 1.14.0.0) (HKLM\...\5D536C8BAC29754ACD7E2AFB52D1C2B1EA169BE6) (Version: 09/18/2017 1.14.0.0 - Phase One A/S)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PhotoFiltre Studio X (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\PhotoFiltre Studio X) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8216 - Realtek Semiconductor Corp.)
Runes Of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version:  - Gameforge 4D GmbH)
Songr (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\Songr) (Version: 2.1 - Xamasoft)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 10.0.0.3 - SOSVirus (SOSVirus.Net))
Vegas Pro 12.0 (64-bit) (HKLM\...\{A278E021-9C9F-11E2-A232-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Vivaldi (HKU\S-1-5-21-1124901766-671737835-1974679833-1001\...\Vivaldi) (Version: 2.3.1440.61 - Vivaldi Technologies AS.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Care 365 5.27 (HKLM-x32\...\Wise Care 365_is1) (Version: 5.27 - WiseCleaner.com, Inc.)
Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-31] (Apple Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1124901766-671737835-1974679833-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E0C0DDF61618} -> [Creative Cloud Files] => C:\Users\Augusto Andre\Creative Cloud Files [2018-09-01 22:23]
CustomCLSID: HKU\S-1-5-21-1124901766-671737835-1974679833-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1124901766-671737835-1974679833-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2016-12-08] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-09-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Augusto Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Vivaldi\WhatsChrome.lnk -> C:\Users\Augusto Andre\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)

==================== Loaded Modules (Whitelisted) ==============

2019-01-21 16:52 - 2007-07-17 11:07 - 000130560 _____ (EZB Systems, Inc.) [File not signed] C:\Program Files (x86)\UltraISO\isoshl64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2019-05-04 15:42 - 000001950 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 platform.wondershare.com
127.0.0.1	auth.macphun.com
127.0.0.1	luminar3win.update.skylum.com
127.0.0.1	luminar3.s3-accelerate.amazonaws.com
127.0.0.1	stats-api.skylum.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1124901766-671737835-1974679833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Augusto Andre\Pictures\Windows-7-blue-wallpaper-cynthia-selahblue-cynti19-32956486-1920-1080.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{586C7140-44F0-42EB-921F-B4172416D710}] => (Allow) LPort=1688
FirewallRules: [{0474DFBF-74E5-4DFD-85A0-30573F888821}] => (Allow) LPort=1688
FirewallRules: [{489A6AE2-E7F9-4034-97B5-50BC5B6863FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{89C0EA58-D722-41EA-A9B2-6CE49A9687E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3710A85C-0D4C-4BA2-9DD3-5AB5CEB635F8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2959A0A6-E9B1-4916-A3ED-067D5849E7EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2C472C77-B18B-46EF-8CA1-358D3A78445B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{978D2ACE-A143-47CF-A0F8-7B57F56021D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E6127DF-7DDC-4F91-A075-DDDDFA1B67C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4F6DAB1-A9AF-40FA-8A83-551CC4B433F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D1DEFE5-0939-4C6C-B4BB-9D538E7CCC5D}] => (Allow) E:\GameforgeLive\gfl_client.exe (Gameforge 4D GmbH -> )
FirewallRules: [{84CDF420-0638-45CD-BD1A-398CDC081DFC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6B074C87-E1BB-4EB8-8609-C9876A1D24A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{73060BEB-45AE-4017-984F-E2B6C3A56395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [{E7EAC534-963A-49F6-8190-F77DCEB6C617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [TCP Query User{D1CFB3C7-D4C2-4AE5-9D9D-20275438ECC3}C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{B6F9E746-0F1A-418B-9469-DB7B755ADB85}C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{4D6E7D65-1F70-45C0-995B-4174DDB32433}] => (Allow) C:\Users\Augusto Andre\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D288906E-8834-4990-9E5F-57F1F803AA4A}] => (Allow) C:\Users\Augusto Andre\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{431DD1B5-BFD9-4A40-82DF-BC21386730A3}C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{A135CAF4-A58B-44A6-9100-D77C56BAD124}C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\augusto andre\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{907F97B4-A49B-45B0-88C1-7B6AFDCF26BA}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [UDP Query User{C2E21C10-B68A-4530-A261-D64B01D91608}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{B4C0D7D3-459F-4325-9EFC-1A7E3FAE8FC8}C:\creative destruction\client.exe] => (Allow) C:\creative destruction\client.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易)
FirewallRules: [UDP Query User{3FCDFF5D-C58D-4550-9177-E2829FB20876}C:\creative destruction\client.exe] => (Allow) C:\creative destruction\client.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易)
FirewallRules: [TCP Query User{B735E2ED-7C12-415A-AF8A-6458D5F74E17}C:\creative destruction\ccmini\ccmini.exe] => (Allow) C:\creative destruction\ccmini\ccmini.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易公司)
FirewallRules: [UDP Query User{AAC309F4-EB9D-4475-B0E2-0C9F2C05CBFE}C:\creative destruction\ccmini\ccmini.exe] => (Allow) C:\creative destruction\ccmini\ccmini.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易公司)
FirewallRules: [{FF1E7732-21CB-4A08-B918-007403773F25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EAE19094-FFFE-44AA-A897-7B8FD88DFA6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7598AEFC-62E1-494F-8952-68E51CAB9C1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D5A1C852-A380-4BAF-BF15-7CFC0EDADFA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{FD29B6DA-BEDF-4E61-B41B-E7361C12D7CF}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{D76FEE4D-2792-4607-BE60-EA4A2A731317}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{80BD42EB-B1CB-467F-91C7-C3521F20899E}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{16F7682B-A872-41E4-9D13-EA261430DFF3}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{35099CB2-FB42-47FD-B1D8-29284FCD6151}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{BC034AD8-7832-4AEC-B8CC-D566322E854C}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [{6A09A473-06D5-4624-A1E9-AB12B33C122A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB05C86D-EB1D-4A38-9041-E576E5CFE4CA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F8134A69-50E5-44DB-A5C3-D478ED817D12}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84A3066D-6C8E-4A56-927E-5011CBD884BB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E42DF1EC-5842-4EB8-903C-4961F5948405}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FF1236BA-D037-4E1D-9FA5-9A6F03FD4301}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C196E3D9-4848-44D5-98F3-8DCAB7F5C2A9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A8D086F-B073-42EA-BA2B-F3686748EA49}] => (Allow) LPort=80

==================== Restore Points =========================

18-08-2019 18:10:03 Windows Update
28-08-2019 14:44:27 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2019 06:34:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/03/2019 06:34:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/02/2019 10:41:50 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/01/2019 10:32:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/01/2019 10:32:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/01/2019 09:42:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/01/2019 09:40:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007139F
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/01/2019 05:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SearchUI.exe (versión 10.0.17763.652) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: d54

Hora de Inicio: 01d5610cd98fe00e

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Id. de informe: 7fbc945e-853b-4eb6-aafa-881e67983018

Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: CortanaUI

Tipo de bloqueo: Quiesce


System errors:
=============
Error: (09/03/2019 06:44:47 AM) (Source: DCOM) (EventID: 10016) (User: LOPEZITO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario LOPEZITO\Augusto Andre con SID (S-1-5-21-1124901766-671737835-1974679833-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/03/2019 06:43:12 AM) (Source: DCOM) (EventID: 10016) (User: LOPEZITO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario LOPEZITO\Augusto Andre con SID (S-1-5-21-1124901766-671737835-1974679833-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/03/2019 06:32:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio RasMan depende del servicio Dnscache, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (09/03/2019 06:32:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio NcaSvc depende del servicio Dnscache, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (09/03/2019 06:30:21 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1115" al intentar iniciar el servicio SecurityHealthService con argumentos "No disponible" para ejecutar el servidor:
{2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (09/03/2019 12:07:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (09/02/2019 08:48:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{0358B920-0AC7-461F-98F4-58E32CD89148}
 y APPID 
{3EB3C877-1F16-487C-9050-104DBCD66683}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/02/2019 08:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{0358B920-0AC7-461F-98F4-58E32CD89148}
 y APPID 
{3EB3C877-1F16-487C-9050-104DBCD66683}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-02-17 20:08:27.449
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F4F9B57D-6967-434A-A810-D68968365D8D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-09-01 14:47:08.359
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-01 14:47:08.294
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-01 14:47:08.249
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-01 14:47:08.159
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-25 13:31:13.411
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-25 13:31:13.364
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-25 13:31:13.315
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-25 13:31:13.263
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. V1.7 09/30/2013
Motherboard: MSI B75MA-E33 (MS-7808)
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 66%
Total physical RAM: 3957.92 MB
Available physical RAM: 1311.41 MB
Total Virtual: 5347.92 MB
Available Virtual: 2522.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.76 GB) (Free:184.55 GB) NTFS
Drive d: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Respaldo) (Fixed) (Total:297.99 GB) (Free:207.8 GB) NTFS

\\?\Volume{0003b24d-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{0003b24d-0000-0000-0000-b04f4a000000}\ () (Fixed) (Total:0.84 GB) (Free:0.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0003B24D)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=864 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000852C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello @augusto87

Before analyzing the FRST reports:

The problem is that those two files you mention (nicks) have .bat and .exe extensions and are detected by Malwarebytes and also by your antivirus, and that infection is considered an AV-killer Trojan.

I understand what you believe, but we need to make sure:

Upload the three files to VirusTotal, following these paths:

C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\AUYANTEPUY\AUYANTEPUY.BAT

C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\RORAIMA\RORAIMA.EXE

C:\USERS\AUGUSTO ANDRE\DOCUMENTS\CHRONICLES OF ARCADIA\OF ARCADIA.BAT

And paste the links to the results for us.

Regards

Hello, good morning. What I meant is that the names and the path of the files are familiar, but not the extension, especially the .exe; when I noticed it I figured the virus had infected those folders and that is why the files with .exe and .bat extensions appeared. Sorry I didn't explain myself when I told you I knew the files. Thank God Malwarebytes has already removed them and they no longer appear in that path; the same happened with the folder shown in the screenshot I pasted in the first message, “Documents.exe”. In addition, AVG stopped notifying me about the detections. In conclusion, the blessed virus was infecting all the folders located in “My Documents”; I am looking at the AVG reports and all the detections of files with .exe and .bat extensions were there. Apparently everything is in order now; in any case, the FRST report is there.

Let me know if I need to carry out any additional step.

Hello @augusto87

Sorry for the delay, I had two complicated days.

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {04CEDDE3-CA6B-4FE4-AEC7-3E0F431548EB} - no filepath
Task: {17C601FE-0FF0-44B3-8040-1AC1A97F4022} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4FD51501-2E22-4FAA-888D-F0E2A6831809} - no filepath
Task: {7A85FC77-B882-4190-8A97-71A0F8F6B9D6} - no filepath
Task: {8D864507-BD9D-4BD8-B482-D44C6BE8AC23} - no filepath
Task: {D8B1F030-C68D-4F5E-AFA9-1BFE5A69E048} - no filepath
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16678400 2019-06-24] (Mail.Ru LLC -> LLC Mail.Ru)
2019-09-02 17:03 - 2019-07-01 14:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
FirewallRules: [TCP Query User{35099CB2-FB42-47FD-B1D8-29284FCD6151}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe
FirewallRules: [UDP Query User{BC034AD8-7832-4AEC-B8CC-D566322E854C}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Tell us how the machine is doing after restarting.

Regards.
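
As an added example (not part of the original post, and not code from FRST): a Python script for reviewing the Fixlog.txt that the Fix step writes, so that entries that were not removed stand out. It assumes result lines have the `target => outcome` shape, that the fixlist echo sits between lines of asterisks and that command output sits between `========= <command> =========` markers; the sample log, the names `parse_fixlog`, `classify` and `summarize`, and the "review" wording are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog.txt layout; paths, GUIDs and the last
# outcome ("could not be processed") are made up for this example.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64)
==============================================

fixlist content:
*****************
Start
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\exampledir\app.exe
ContextMenuHandlers5: [example] -> {00000000-0000-0000-0000-000000000000} =>  -> No File
CMD: netsh winsock reset
END
*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\exampledir\example.crx => moved successfully
"C:\exampledir\example.crx" => not found
exampledrv => service removed successfully
C:\Windows => ":exampleStream" ADS removed successfully
C:\exampledir\locked.exe => could not be processed

========= netsh winsock reset =========

example output => ignored because it is command output

========= End of CMD: =========
'''

ASTERISKS = re.compile(r"\*{5,}")          # delimits the echoed fixlist
SECTION = re.compile(r"=+ (.+?) =+")       # "========= <command> ========="


def classify(outcome):
    """Map an outcome string to ok / not_found / review."""
    text = outcome.lower()
    if text.endswith("successfully"):
        return "ok"
    if text == "not found":
        return "not_found"
    return "review"  # anything unrecognised needs a human look


def parse_fixlog(text):
    """Return (target, outcome, status) for every fix result line.

    The echoed fixlist and the captured command output also contain
    ' => ', so both regions are skipped to avoid false results.
    """
    results = []
    in_echo = False
    in_cmd = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ASTERISKS.fullmatch(line):
            in_echo = not in_echo
            continue
        header = SECTION.fullmatch(line)
        if header:
            in_cmd = not header.group(1).startswith("End of")
            continue
        if in_echo or in_cmd or " => " not in line:
            continue
        # The outcome is the text after the last ' => '.
        target, _, outcome = line.rpartition(" => ")
        results.append((target.strip('"'), outcome, classify(outcome)))
    return results


def summarize(results):
    """Count results per status."""
    return Counter(status for _, _, status in results)


if __name__ == "__main__":
    rows = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(rows)))
    for target, outcome, status in rows:
        if status != "ok":
            print(f"{status:9} {target} => {outcome}")
```

A "not found" entry is often harmless, for instance when the same file is listed twice and the first entry already moved it, but each one is worth checking against the fixlist before the case is closed.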

Hello, don't worry, here is the new report:

The PC is perfect, it feels wonderful, and AVG stopped notifying about the viruses.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Augusto Andre (05-09-2019 18:38:02) Run:1
Running from C:\Users\Augusto Andre\Desktop
Loaded Profiles: Augusto Andre (Available Profiles: defaultuser0 & Augusto Andre)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {04CEDDE3-CA6B-4FE4-AEC7-3E0F431548EB} - no filepath
Task: {17C601FE-0FF0-44B3-8040-1AC1A97F4022} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4FD51501-2E22-4FAA-888D-F0E2A6831809} - no filepath
Task: {7A85FC77-B882-4190-8A97-71A0F8F6B9D6} - no filepath
Task: {8D864507-BD9D-4BD8-B482-D44C6BE8AC23} - no filepath
Task: {D8B1F030-C68D-4F5E-AFA9-1BFE5A69E048} - no filepath
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16678400 2019-06-24] (Mail.Ru LLC -> LLC Mail.Ru)
2019-09-02 17:03 - 2019-07-01 14:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
FirewallRules: [TCP Query User{35099CB2-FB42-47FD-B1D8-29284FCD6151}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe
FirewallRules: [UDP Query User{BC034AD8-7832-4AEC-B8CC-D566322E854C}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CEDDE3-CA6B-4FE4-AEC7-3E0F431548EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CEDDE3-CA6B-4FE4-AEC7-3E0F431548EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17C601FE-0FF0-44B3-8040-1AC1A97F4022}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17C601FE-0FF0-44B3-8040-1AC1A97F4022}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FD51501-2E22-4FAA-888D-F0E2A6831809}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FD51501-2E22-4FAA-888D-F0E2A6831809}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A85FC77-B882-4190-8A97-71A0F8F6B9D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A85FC77-B882-4190-8A97-71A0F8F6B9D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D864507-BD9D-4BD8-B482-D44C6BE8AC23}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D864507-BD9D-4BD8-B482-D44C6BE8AC23}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8B1F030-C68D-4F5E-AFA9-1BFE5A69E048}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8B1F030-C68D-4F5E-AFA9-1BFE5A69E048}" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows => ":nlsPreferences" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35099CB2-FB42-47FD-B1D8-29284FCD6151}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe" => removed successfully
C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC034AD8-7832-4AEC-B8CC-D566322E854C}C:\program files (x86)\steam\steamapps\common\warface\warface\bin32release\game.exe" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Wi-Fi mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 13 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Ethernet 2 mientras los medios
están desconectados.

Adaptador de LAN inalámbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 13:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::81a2:9fb1:5efa:faa1%6
   Dirección IPv4. . . . . . . . . . . . . . : 190.74.15.229
   Máscara de subred . . . . . . . . . . . . : 255.255.224.0
   Puerta de enlace predeterminada . . . . . : 190.74.0.1

Adaptador de Ethernet Ethernet 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1124901766-671737835-1974679833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1124901766-671737835-1974679833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39317628 B
Java, Flash, Steam htmlcache => 186120232 B
Windows/system/drivers => 223549618 B
Edge => 78692 B
Chrome => 0 B
Firefox => 8208749 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3642 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 7168 B
Augusto Andre => 13664946 B

RecycleBin => 361681 B
EmptyTemp: => 460.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:39:41 ====

Hello @augusto87

Perfect…:clap::clap:

To wrap up, remove the tools we used:

Run >> Delfix from your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”)
  • Check the boxes Remove disinfection tools and Purge system restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Let us know whether everything is in order so we can mark the topic as Solved.

Regards.

1 like

Done, I already did it, everything is in order. Thank you so much for the help, you deserve heaven. A big hug from Venezuela!!!

1 like

Hello @augusto87

Thank you for trusting us!!! :+1::+1:

For any other problems, you know where to find us…:upside_down_face:

Topic Solved

1 like