Infección en mi notebook

Hola a todos en el Foro. Ya he pedido ayuda en varias oportunidades y esperaba poder resolver esto sola pero no se que hacer y acá estoy nuevamente. Sepan disculpar las molestias. Estoy tratando de usar una notebook que mis hijos dejaron de usar porque “andaba lenta”. Es una Windows 7 de 64 bits Intel core i3 de 4g en Ram. Estaba muy desprolija cuando la prendí, tenía trabado el teclado y muchísimas cosas se abrieron al encenderla. Saqué varios programas del inicio y le desinstalé el Avast Internet … y el Avast Premium que me resultan antipáticos. Pasé el Malwarebytes y detectó 156 problemas principalmente de los programas IOBIT\ADVANCED SYSTEMCARE. Desinstalé los dos programas, el Advanced se activaba a cada rato y tenía una ventana abierta en el Escritorio. Cuando hacía esto salió un informe automático de Malwarebytes que seguramente realizaba un análisis programado. Paso el reporte:

> Malwarebytes
> www.malwarebytes.com
> 
> -Detalles del registro-
> Fecha del análisis: 11/7/19
> Hora del análisis: 2:23
> Archivo de registro: fc6e76da-a39b-11e9-9c24-000000000000.json
> 
> -Información del software-
> Versión: 3.8.3.2965
> Versión de los componentes: 1.0.613
> Versión del paquete de actualización: 1.0.11496
> Licencia: Prueba
> 
> -Información del sistema-
> SO: Windows 7 Service Pack 1
> CPU: x64
> Sistema de archivos: NTFS
> Usuario: System
> 
> -Resumen del análisis-
> Tipo de análisis: Análisis de amenazas
> Análisis iniciado por:: Programador de tareas
> Resultado: Completado
> Objetos analizados: 256860
> Amenazas detectadas: 1
> Amenazas en cuarentena: 1
> Tiempo transcurrido: 20 min, 33 seg
> 
> -Opciones de análisis-
> Memoria: Activado
> Inicio: Activado
> Sistema de archivos: Activado
> Archivo: Activado
> Rootkits: Desactivado
> Heurística: Activado
> PUP: Detectar
> PUM: Detectar
> 
> -Detalles del análisis-
> Proceso: 0
> (No hay elementos maliciosos detectados)
> 
> Módulo: 0
> (No hay elementos maliciosos detectados)
> 
> Clave del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Valor del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Datos del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Secuencia de datos: 0
> (No hay elementos maliciosos detectados)
> 
> Carpeta: 0
> (No hay elementos maliciosos detectados)
> 
> Archivo: 1
> MachineLearning/Anomalous.100%, C:\USERS\MARCELA\APPDATA\LOCAL\TEMP\BIT6594.TMP, En cuarentena, [0], [392687],1.0.11496
> 
> Sector físico: 0
> (No hay elementos maliciosos detectados)
> 
> WMI: 0
> (No hay elementos maliciosos detectados)
> 
> 
> (end)

Luego pasé el Eset online Scanner que ya lo había usado en otras oportunidades descargado de este Foro porque no abrí nada más porque la PC está sin antivirus. Paso el reporte:

> 12/07/2019 23:16:04
> Archivos analizados: 247157
> Archivos infectados: 57
> Amenazas desinfectadas: 57
> Tiempo total de análisis 02:55:52
> Estado del análisis: Finalizado
> 
> 
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak.vir	JS/Toolbar.Perion.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.vir	JS/Toolbar.Perion.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir	una variante de Win32/Toolbar.Perion.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension64.dll.vir	una variante de Win64/Toolbar.Perion.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir	una variante de Win32/Toolbar.BitCocktail.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir	una variante de Win32/Toolbar.BitCocktail.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\blabbers-ch.crx.vir	Win32/BrowserCompanion.G aplicación potencialmente indeseable	eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi.vir	Win32/BrowserCompanion.G aplicación potencialmente indeseable	eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\jsloader.dll.vir	Win32/BrowserCompanion.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\tdataprotocol.dll.vir	Win32/BrowserCompanion.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\toolbar.dll.vir	Win32/BrowserCompanion.D aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll.vir	Win32/BrowserCompanion.E aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserCompanion\widgetserv.exe.vir	Win32/BrowserCompanion.F aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\bh\Softonic.dll.vir	una variante de Win32/Toolbar.Escort.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\escortShld.dll.vir	Win32/Toolbar.Funmoods aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\softonic.crx.vir	JS/Toolbar.Montiera.D aplicación potencialmente indeseable,JS/Toolbar.Montiera.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Montiera.AO aplicación potencialmente indeseable,JS/Toolbar.Montiera.C aplicación potencialmente indeseable,una variante de Win32/Toolbar.Montiera.AQ aplicación potencialmente indeseable	eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicApp.dll.vir	una variante de Win32/Toolbar.Montiera.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicEng.dll.vir	una variante de Win32/Toolbar.Montiera.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\Softonicsrv.exe.vir	una variante de Win32/Toolbar.Montiera.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicTlbr.dll.vir	una variante de Win32/Toolbar.Montiera.F aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\uninstall.exe.vir	Win32/Toolbar.Montiera.AL aplicación potencialmente indeseable,Win32/Toolbar.Montiera.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir	una variante de MSIL/Vittalia.D aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir	Win32/Vittalia.K aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir	una variante de Win32/Toolbar.Softomate.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir	una variante de Win32/SweetIM.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\resources\fm.dll.vir	Win32/DealPly.CP aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_12\witmain.js.vir	Win32/BrowserCompanion.G aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_13\bg.html.vir	JS/Toolbar.Montiera.D aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_13\bg.js.vir	JS/Toolbar.Montiera.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_13\CrmAdpt.dll.vir	una variante de Win32/Toolbar.Montiera.AO aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_13\ct.js.vir	JS/Toolbar.Montiera.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_13\CTB.dll.vir	una variante de Win32/Toolbar.Montiera.AQ aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0\js\jquery.autocomplete.js.vir	JS/Lightning.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx.vir	JS/Lightning.B aplicación potencialmente indeseable	eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe.vir	una variante de Win32/BrowserCompanion.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\LocalLow\bbrs_002.tb\content\witmain.js.vir	Win32/BrowserCompanion.G aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Roaming\BrowserCompanion\tcbhn.exe.vir	Win32/BrowserCompanion aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir	una variante de Win32/DealPly.K aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Desktop\rcsetup151.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\ccsetup322.exe	Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\iLividSetupV1.exe	Win32/Toolbar.SearchSuite aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\rcpsetup_softonic_new_sd_new_esusa.exe	MSIL/AdvancedSystemProtector.C aplicación potencialmente indeseable,Win32/MyPCBackup.A aplicación potencialmente indeseable,Win32/Systweak.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\SoftonicDownloader_para_curriculumfacil.exe	Win32/SoftonicDownloader.D aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\SoftonicDownloader_para_picasa.exe	Win32/SoftonicDownloader.D aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\SoftonicDownloader_para_winaso-registry-optimizer.exe	Win32/SoftonicDownloader.E aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Documents\Aplicaciones Microspft\uTorrent.exe	Win32/AdkDLLWrapper.A aplicación potencialmente indeseable,una variante de Win32/Bunndle aplicación potencialmente peligrosa	eliminado
> C:\Users\Marcela\Documents\Cosas de mama\DownloadAcceleratorSetup.exe	una variante de Win32/InstallCore.BR aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Marcela\Downloads\FormatFactoryPortable290.zip	una variante de Win32/Bundled.Toolbar.Ask aplicación potencialmente peligrosa,una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente peligrosa	eliminado
> C:\Users\Marcela\Downloads\iobituninstaller.exe	una variante de Win32/IObit.E aplicación potencialmente indeseable,una variante de Win32/IObit.P aplicación potencialmente indeseable,una variante de Win32/IObit.J aplicación potencialmente indeseable,una variante de Win32/IObit.L aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
> C:\Users\Public\Documents\Wondershare\drfone-for-android_full1545.exe	múltiples amenazas,una variante de Android/Exploit.Lotoor.GW Troyano,una variante de Android/Exploit.Lotoor.GX Troyano	no se ha podido desinfectar - archivo eliminado

Luego consultando en el Foro por lo encontrado por Malwarebytes descargué Kaspersky Virus Removal Tool y no puedo bajar el reporte en un txt y no se si sirve que pase un reporte con una imagen. Acá termina la automedicación de mi note y funciona bastante mejor pero me gustaría si me hacen el favor de ver si hay algo más para ver si mantiene alguna infección. Muchísimas gracias.

Hola @Marita4142

Vas a volver a realizar un análisis con Malwarebytes pero en esta ocasión personalizado.

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis personalizado, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes :arrow_forward: Informe de análisis encontrarás el reporte de MBAM, clic en Exportar :arrow_forward: Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine :arrow_forward: clic en ejecutar limpiador
  • Clic en la pestaña Registro :arrow_forward: clic en buscar problemas esperas que termine :arrow_forward: clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo

Muchísimas gracias por tu pronta respuesta, hago todo lo que me indicas y lo paso. Saludos

De acuerdo, por aquí estaré esperando los reportes y comentarios :+1:

Un saludo

Hola Daniela ya realicé los análisis, quiero aclarar que el de Malwarebytes se cerró solo de golpe, no se que pasó pero si te parece lo paso de nuevo.

Informe de Malwarebytes personalizado:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/7/19
Hora del análisis: 15:14
Archivo de registro: 29e28560-a663-11e9-93b0-000000000000.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11546
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Marcela-PH\Marcela

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Cancelado
Objetos analizados: 176538
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 hr, 57 min, 20 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Y el de AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-14-2019
# Duration: 00:00:08
# OS:       Windows 7 Home Premium
# Cleaned:  55
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\DeltaFix
Deleted       C:\Program Files (x86)\predm
Deleted       C:\Program Files\Enigma Software Group
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\ProgramData\trusted publisher
Deleted       C:\Users\Marcela\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\Marcela\AppData\Roaming\ASP
Deleted       C:\Users\Marcela\AppData\Roaming\mipony
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D4172E2-DA55-4299-807D-57345E2EE6CD}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Deleted       HKCU\Software\UpToDown
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savesenselive.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{658B8976-4258-481D-B7F1-8F1617029C83}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Deleted       HKLM\Software\EnigmaSoftwareGroup
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{EEE6C35B-6118-11DC-9C72-001320C79847}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{EEE6C35C-6118-11DC-9C72-001320C79847}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savesenselive.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{EEE6C35B-6118-11DC-9C72-001320C79847}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{EEE6C35C-6118-11DC-9C72-001320C79847}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Deleted       HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted       HKLM\Software\Wow6432Node\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SrvUpdater
Deleted       HKU\.DEFAULT\SOFTWARE\e48b8ab56aba42
Deleted       HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKU\.DEFAULT\Software\BrowserMngr
Deleted       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
Deleted       HKU\S-1-5-18\SOFTWARE\e48b8ab56aba42
Deleted       HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKU\S-1-5-18\Software\BrowserMngr

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Softonic ES
Deleted       claro.com.ar

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.



*************************

[+] Delete Tracing Keys [+] Reset Winsock


AdwCleaner[S00].txt - [7003 octets] - [14/07/2019 21:08:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Listo, espero saber si paso de nuevo el M. personalizado o si está bien así. Muchísimas gracias. Saludos.

,

Disculpa olvidé comentar que pasé finalmente el Ccleaner y la estuve probando y anda mucho más rápida que antes y ya no se abre nada solo. Igual demora en entrar en Word por ej. pero se puede vivir con eso. Saludos Daniela.

Hola

Vuelve a ejecutar Malwarebytes, si se cierra otra vez, haz un análisis de amenazas.

Pon el reporte y comenta como sigue el problema.

Un saludo

Hola Ahora lo hago y veremos que pasa. Muchas gracias por tu tiempo. Saludos

Hola Daniela: Perdón por la demora pero la tercera es la vencida, demoró muchísimo en pasar el Malwarebytes, eso será por lo lenta de la pc? Te paso el informe

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 15/7/19
Hora del análisis: 12:58
Archivo de registro: 63243c68-a719-11e9-bbc5-80ee732122fd.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11562
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Marcela-PH\Marcela

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 332991
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 10 hr, 17 min, 2 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
PUP.Optional.Ilivid, C:\ADWCLEANER\QUARANTINE\C\PROGRAM FILES (X86)\ILIVID\UNINSTALL.EXE.VIR, En cuarentena, [2501], [56018],1.0.11562
PUP.Optional.RegCleanPro, C:\ADWCLEANER\QUARANTINE\C\WINDOWS\SYSTEM32\ROBOOT64.EXE.VIR, En cuarentena, [4476], [299225],1.0.11562

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Te cuento que funciona mucho mejor, ya no hace cosas raras, el inicio anda mejor pero al apagar pide que espere que cierre los programas que están abiertos y está todo cerrado. Ahí demora bastante antes de apagar. Muchísimas gracias por tu tiempo y la ayuda. Saludos.

Hola

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1]:arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

Acá van los dos archivos: Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Marcela (administrator) on MARCELA-PH (Philco PHN14C) (16-07-2019 00:50:54)
Running from C:\Users\Marcela\Desktop
Loaded Profiles: Marcela (Available Profiles: Marcela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta 2007 Biblioteca Premium\EDICT.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Run: [E07EDXRC_28429263] => C:\Program Files (x86)\Microsoft Encarta\Encarta 2007 Biblioteca Premium\EDICT.EXE [351000 2006-06-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46993264 2019-06-27] (Google LLC -> )
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Run: [Spotify] => C:\Users\Marcela\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-30] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Run: [EPSON T24 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE [223232 2008-09-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-18] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: D - D:\juegos.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {498bd0cc-2855-11e2-a614-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {59caf3bb-73af-11e2-be01-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {647dae26-02db-11e4-b3dd-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fdc-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fea-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {8bc2bc47-f828-11e1-87fc-80ee732122fd} - E:\setup.exe -a
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-10-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D4947F4-986E-45F4-B211-5BD2E7F55D95} - System32\Tasks\SafeZone scheduled Autoupdate 1458778829 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {2B8925F5-167E-4894-B1E9-A0D7EA2C195D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {2FC9625F-13BB-4C83-ABEF-4820FBB9DCDB} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
Task: {41974FCC-F622-4DE4-915D-4995C1B8EA14} - System32\Tasks\{DCE78D9E-F0B4-4156-BC10-DCDCA2DE69E0} => C:\windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {44830964-855C-497E-B000-C738609E5E75} - System32\Tasks\AdobeGCInvoker-1.0-Marcela-PH-Marcela => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {506778B0-5B98-48FD-9EB0-5F0E43373E11} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {58DCBDBD-ACF5-490E-BDC1-CD8ED17E50B4} - System32\Tasks\{8B7F4733-CA55-4512-B008-1276097F01D2} => C:\windows\system32\pcalua.exe -a C:\Users\Marcela\Desktop\RegCleaner-4.3.exe -d C:\Users\Marcela\Desktop
Task: {591AFC09-6878-4B13-ADFE-D5625282D4D0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Marcela\Desktop\esetonlinescanner_esn.exe [7982616 2019-07-12] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {5EB7BF78-E849-481F-8777-BF8F3963D06D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6BF5411C-C58A-40BE-805E-886EB9B43B73} - System32\Tasks\{98E4A900-5248-4FBD-9536-3BBBC91A656B} => C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe 
Task: {74B41DBE-E90F-4559-99F7-DBDC6B4A4969} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Marcela\Desktop\esetonlinescanner_esn.exe [7982616 2019-07-12] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {89AB41D4-DCFF-41A7-819F-8CA936053001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F611A9C-277A-44F7-B544-CA708AEA2368} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {94DE22DB-0368-4A12-8149-7F7E75540A6E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A49E5D78-ABEA-47E3-9BBB-68AFCA89A56A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B9DF0D16-4670-4C1C-BA7C-7568A1898138} - no filepath
Task: {BE0D0B58-6836-472A-9615-B02B871F970A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-15] (Adobe Inc. -> Adobe)
Task: {D9BEB917-5E37-4D93-ADDF-D68E9719134D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-626170639-4164473826-2000900811-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {E7135D39-6857-4A92-B764-88D2F79BFF3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {F6247BD7-C42E-44E6-82C4-14A8634172AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-18] (Piriform Ltd -> Piriform Ltd)
Task: {F706A676-9783-4392-8FEF-2C65B986AF5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-626170639-4164473826-2000900811-1000] => proxy.fadu.uba.ar:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{F2C9C248-C758-4199-99BC-02C57E0838FE}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2DEF1DD6-F4AB-45D9-8BC7-D94A8863EBA6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {598D35D6-F0D5-4806-B731-FD2C520BEF49}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> DefaultScope {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-19] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-626170639-4164473826-2000900811-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Marcela\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-04-23] (Visan Industries -> RocketLife, LLP)

Chrome: 
=======
CHR Profile: C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default [2019-07-16]
CHR Extension: (Presentaciones) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Documentos) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Google Drive) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31]
CHR Extension: (YouTube) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-10]
CHR Extension: (Hojas de cálculo) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-10]
CHR Extension: (Chrome Media Router) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-14]
CHR Profile: C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-14]
CHR HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 pr2ajcyb; C:\windows\system32\pr2ajcyb.exe [754320 2007-02-06] (Protection Technology, Ltd. -> NADEO)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [258048 2010-06-17] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmthub3; C:\windows\System32\DRIVERS\asmthub3.sys [122856 2010-12-08] (MCCI Internal Testing Software -> ASMedia Technology Inc) [File not signed]
S3 asmtxhci; C:\windows\System32\DRIVERS\asmtxhci.sys [369640 2010-12-08] (MCCI Internal Testing Software -> ASMedia Technology Inc) [File not signed]
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-08-17] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 BTCFilterService; C:\windows\System32\DRIVERS\motfilt.sys [6144 2009-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 fspad_wlh64; C:\windows\System32\DRIVERS\fspad_wlh64.sys [68608 2010-11-08] (Sentelic Corporation) [File not signed]
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [224408 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73584 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [106344 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
S3 motmodem; C:\windows\System32\DRIVERS\motmodem.sys [30208 2011-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 MotoSwitchService; C:\windows\System32\DRIVERS\motswch.sys [8576 2007-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 Motousbnet; C:\windows\System32\DRIVERS\Motousbnet.sys [26624 2010-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 motport; C:\windows\System32\DRIVERS\motport.sys [30208 2011-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 motusbdevice; C:\windows\System32\DRIVERS\motusbdevice.sys [11776 2011-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
R0 pe3ajcyb; C:\windows\System32\drivers\pe3ajcyb.sys [72592 2007-02-06] (Protection Technology, Ltd. -> NADEO)
R0 pf2ajcyb; C:\windows\System32\drivers\pf2ajcyb.sys [106896 2007-02-06] (Protection Technology, Ltd. -> NADEO)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] (Shuttle Inc. -> )
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Shuttle Inc. -> Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Shuttle Inc. -> Systems Internals)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [507392 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [40616 2013-04-30] (AVAST Software -> The OpenVPN Project)
S3 cpuz143; \??\C:\windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Continúa Frst.txt

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-16 00:45 - 2019-07-16 00:52 - 000030385 _____ C:\Users\Marcela\Desktop\FRST.txt
2019-07-16 00:41 - 2019-07-16 00:45 - 000000000 ____D C:\FRST
2019-07-16 00:37 - 2019-07-16 00:40 - 002095104 _____ (Farbar) C:\Users\Marcela\Desktop\FRST64.exe
2019-07-15 23:29 - 2019-07-15 23:29 - 000073584 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2019-07-15 23:28 - 2019-07-15 23:28 - 000224408 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2019-07-15 23:28 - 2019-07-15 23:28 - 000106344 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2019-07-15 23:25 - 2019-07-15 23:33 - 000001773 _____ C:\Users\Marcela\Desktop\Malwareb.txt
2019-07-15 12:56 - 2019-07-15 12:56 - 000001539 _____ C:\Users\Marcela\Desktop\cerrado 2.txt
2019-07-15 12:54 - 2019-07-15 12:54 - 000001539 _____ C:\Users\Marcela\Desktop\cerrado.txt
2019-07-15 02:17 - 2019-04-01 11:55 - 000334336 _____ (Microsoft Corporation) C:\windows\system32\sipnotify.exe
2019-07-14 21:47 - 2019-07-15 12:45 - 000275232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-07-14 21:43 - 2019-07-14 21:43 - 000002244 _____ C:\Users\Marcela\Desktop\cc_20190714_214256.reg
2019-07-14 21:12 - 2019-07-14 21:12 - 000007003 _____ C:\Users\Marcela\Desktop\AdwCleaner[S00].txt
2019-07-14 20:21 - 2019-07-14 20:27 - 007025360 _____ (Malwarebytes) C:\Users\Marcela\Desktop\adwcleaner_7.3.exe
2019-07-14 20:12 - 2019-07-14 20:12 - 000001547 _____ C:\Users\Marcela\Desktop\Mbam.txt
2019-07-14 03:28 - 2019-07-14 03:28 - 000001624 _____ C:\Users\Marcela\Desktop\Resultado Mbam 2.txt
2019-07-13 01:42 - 2019-07-13 04:05 - 000000000 ____D C:\KVRT_Data
2019-07-13 00:29 - 2019-07-13 01:33 - 164008744 _____ (AO Kaspersky Lab) C:\Users\Marcela\Desktop\KVRT.exe
2019-07-12 23:17 - 2019-07-12 23:17 - 000003724 _____ C:\windows\System32\Tasks\EOSv3 Scheduler onLogOn
2019-07-12 23:17 - 2019-07-12 23:17 - 000003284 _____ C:\windows\System32\Tasks\EOSv3 Scheduler onTime
2019-07-12 23:16 - 2019-07-12 23:16 - 000025868 _____ C:\Users\Marcela\Desktop\ESET Online Scanner.txt
2019-07-12 19:52 - 2019-07-12 19:52 - 000000585 _____ C:\Users\Marcela\Desktop\ESET Online Scanner.lnk
2019-07-12 19:32 - 2019-07-12 19:36 - 007982616 _____ (ESET spol. s r.o.) C:\Users\Marcela\Desktop\esetonlinescanner_esn.exe
2019-07-11 03:51 - 2019-02-10 13:41 - 012574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2019-07-11 03:51 - 2019-02-10 13:41 - 011411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 003207168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 001329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 001177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 001005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000373248 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssign32.dll
2019-07-11 03:51 - 2019-02-10 13:41 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2019-07-11 03:51 - 2019-02-10 13:29 - 000008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2019-07-11 03:51 - 2019-02-10 13:29 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2019-07-11 03:51 - 2019-02-10 13:29 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2019-07-11 03:51 - 2019-02-10 13:28 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2019-07-11 03:51 - 2019-02-10 13:28 - 000023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2019-07-11 03:51 - 2019-02-10 13:10 - 000094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2019-07-11 03:51 - 2019-02-10 13:09 - 014635520 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 012574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2019-07-11 03:51 - 2019-02-10 13:09 - 001574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2019-07-11 03:51 - 2019-02-10 13:09 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2019-07-11 03:51 - 2019-02-10 13:09 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 004120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 001484800 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 001202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 001068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\mssign32.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2019-07-11 03:51 - 2019-02-10 13:08 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2019-07-11 03:51 - 2019-02-10 13:07 - 000842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2019-07-11 03:51 - 2019-02-10 13:07 - 000680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2019-07-11 03:51 - 2019-02-10 13:07 - 000438784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2019-07-11 03:51 - 2019-02-10 13:07 - 000295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2019-07-11 03:51 - 2019-02-10 13:02 - 000663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2019-07-11 03:51 - 2019-02-10 12:50 - 000055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2019-07-11 03:51 - 2019-02-10 12:49 - 000125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2019-07-11 03:51 - 2019-02-10 12:49 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2019-07-11 03:51 - 2019-02-10 12:38 - 000011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2019-07-11 03:51 - 2019-02-10 12:38 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2019-07-11 03:35 - 2019-03-06 00:10 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:10 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-07-11 03:35 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-07-11 03:35 - 2019-03-05 23:37 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2019-07-11 03:35 - 2019-03-05 23:36 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-07-11 03:35 - 2019-03-05 23:36 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-07-11 03:35 - 2018-10-27 00:41 - 000018944 _____ (Microsoft Corporation) C:\windows\system32\dispex.dll
2019-07-11 03:35 - 2018-09-22 23:37 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2019-07-11 03:35 - 2018-09-22 23:22 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2019-07-11 03:35 - 2018-09-22 23:22 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2019-07-11 03:35 - 2018-09-22 23:21 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2019-07-11 03:34 - 2019-03-06 00:18 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2019-07-11 03:34 - 2019-03-06 00:18 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2019-07-11 03:34 - 2019-03-06 00:13 - 005552872 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-07-11 03:34 - 2019-03-06 00:13 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-07-11 03:34 - 2019-03-06 00:12 - 001664360 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 001472512 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 001211392 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 001162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000733184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:10 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:04 - 004055784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2019-07-11 03:34 - 2019-03-06 00:04 - 003960552 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2019-07-11 03:34 - 2019-03-06 00:02 - 001314104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000556032 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2019-07-11 03:34 - 2019-03-06 00:01 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-07-11 03:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-07-11 03:34 - 2019-03-05 23:45 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2019-07-11 03:34 - 2019-03-05 23:42 - 003228160 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-07-11 03:34 - 2019-03-05 23:42 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2019-07-11 03:34 - 2019-03-05 23:41 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2019-07-11 03:34 - 2019-03-05 23:41 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2019-07-11 03:34 - 2019-03-05 23:38 - 000464384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2019-07-11 03:34 - 2019-03-05 23:38 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-07-11 03:34 - 2019-03-05 23:38 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2019-07-11 03:34 - 2019-03-05 23:38 - 000169984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-07-11 03:34 - 2019-03-05 23:38 - 000161280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2019-07-11 03:34 - 2019-03-05 23:38 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-07-11 03:34 - 2019-03-05 23:37 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2019-07-11 03:34 - 2019-03-05 23:37 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2019-07-11 03:34 - 2019-03-05 23:37 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2019-07-11 03:34 - 2019-03-05 23:36 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2019-07-11 03:34 - 2019-03-05 23:36 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-07-11 03:34 - 2019-03-05 23:36 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-07-11 03:34 - 2019-03-04 23:44 - 000076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2019-07-11 03:34 - 2019-03-04 23:44 - 000033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-07-11 03:34 - 2019-03-04 23:44 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2019-07-11 03:34 - 2019-02-26 19:41 - 000397104 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-07-11 03:34 - 2019-02-26 18:47 - 000348984 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-07-11 03:34 - 2019-02-26 04:57 - 025737216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-07-11 03:34 - 2019-02-26 04:46 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2019-07-11 03:34 - 2019-02-26 04:45 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2019-07-11 03:34 - 2019-02-26 04:33 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-07-11 03:34 - 2019-02-26 04:32 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2019-07-11 03:34 - 2019-02-26 04:31 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-07-11 03:34 - 2019-02-26 04:31 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2019-07-11 03:34 - 2019-02-26 04:31 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2019-07-11 03:34 - 2019-02-26 04:31 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2019-07-11 03:34 - 2019-02-26 04:25 - 020281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-07-11 03:34 - 2019-02-26 04:25 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2019-07-11 03:34 - 2019-02-26 04:24 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2019-07-11 03:34 - 2019-02-26 04:22 - 005777920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-07-11 03:34 - 2019-02-26 04:21 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2019-07-11 03:34 - 2019-02-26 04:20 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-07-11 03:34 - 2019-02-26 04:20 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-07-11 03:34 - 2019-02-26 04:20 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2019-07-11 03:34 - 2019-02-26 04:20 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2019-07-11 03:34 - 2019-02-26 04:19 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2019-07-11 03:34 - 2019-02-26 04:12 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2019-07-11 03:34 - 2019-02-26 04:09 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2019-07-11 03:34 - 2019-02-26 04:07 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-07-11 03:34 - 2019-02-26 04:07 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2019-07-11 03:34 - 2019-02-26 04:06 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2019-07-11 03:34 - 2019-02-26 04:05 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2019-07-11 03:34 - 2019-02-26 04:04 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-07-11 03:34 - 2019-02-26 04:03 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2019-07-11 03:34 - 2019-02-26 04:02 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2019-07-11 03:34 - 2019-02-26 04:02 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2019-07-11 03:34 - 2019-02-26 04:01 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2019-07-11 03:34 - 2019-02-26 04:00 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2019-07-11 03:34 - 2019-02-26 03:59 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2019-07-11 03:34 - 2019-02-26 03:58 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2019-07-11 03:34 - 2019-02-26 03:58 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2019-07-11 03:34 - 2019-02-26 03:57 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-07-11 03:34 - 2019-02-26 03:57 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-07-11 03:34 - 2019-02-26 03:57 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2019-07-11 03:34 - 2019-02-26 03:56 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2019-07-11 03:34 - 2019-02-26 03:54 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2019-07-11 03:34 - 2019-02-26 03:49 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2019-07-11 03:34 - 2019-02-26 03:46 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-07-11 03:34 - 2019-02-26 03:44 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2019-07-11 03:34 - 2019-02-26 03:44 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-07-11 03:34 - 2019-02-26 03:43 - 015284224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-07-11 03:34 - 2019-02-26 03:43 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-07-11 03:34 - 2019-02-26 03:43 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-07-11 03:34 - 2019-02-26 03:43 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2019-07-11 03:34 - 2019-02-26 03:41 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-07-11 03:34 - 2019-02-26 03:41 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2019-07-11 03:34 - 2019-02-26 03:41 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2019-07-11 03:34 - 2019-02-26 03:41 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2019-07-11 03:34 - 2019-02-26 03:39 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2019-07-11 03:34 - 2019-02-26 03:38 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2019-07-11 03:34 - 2019-02-26 03:35 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-07-11 03:34 - 2019-02-26 03:33 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-07-11 03:34 - 2019-02-26 03:31 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-07-11 03:34 - 2019-02-26 03:31 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-07-11 03:34 - 2019-02-26 03:30 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2019-07-11 03:34 - 2019-02-26 03:29 - 013681664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-07-11 03:34 - 2019-02-26 03:29 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-07-11 03:34 - 2019-02-26 03:18 - 001557504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-07-11 03:34 - 2019-02-26 03:12 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-07-11 03:34 - 2019-02-26 03:09 - 001332224 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-07-11 03:34 - 2019-02-26 03:07 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-07-11 03:34 - 2019-02-26 03:06 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-07-11 03:34 - 2019-02-22 00:07 - 000008192 _____ (Microsoft Corporation) C:\windows\system32\msimg32.dll
2019-07-11 03:34 - 2019-02-21 23:56 - 000004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimg32.dll
2019-07-11 03:34 - 2019-02-16 03:02 - 002072576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2019-07-11 03:34 - 2019-02-16 03:02 - 000516608 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2019-07-11 03:34 - 2019-02-16 03:01 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2019-07-11 03:34 - 2019-02-16 02:50 - 001425920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2019-07-11 03:34 - 2019-02-10 13:10 - 001680104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-07-11 03:34 - 2019-02-10 12:36 - 000328192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-07-11 03:34 - 2019-02-10 12:35 - 000092672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-07-11 03:34 - 2019-02-08 13:08 - 002009088 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-07-11 03:34 - 2019-02-08 13:08 - 001889280 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2019-07-11 03:34 - 2019-02-08 12:59 - 001391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-07-11 03:34 - 2019-02-08 12:59 - 001241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2019-07-11 03:34 - 2019-02-07 13:01 - 000095232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2019-07-11 03:34 - 2019-02-03 12:36 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msfs.sys
2019-07-11 03:34 - 2019-01-01 13:08 - 000114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2019-07-11 03:34 - 2019-01-01 13:05 - 003247104 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-07-11 03:34 - 2019-01-01 13:05 - 000504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2019-07-11 03:34 - 2019-01-01 13:04 - 001942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2019-07-11 03:34 - 2019-01-01 13:04 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2019-07-11 03:34 - 2019-01-01 12:58 - 002368000 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-07-11 03:34 - 2019-01-01 12:58 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2019-07-11 03:34 - 2019-01-01 12:57 - 001806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2019-07-11 03:34 - 2019-01-01 12:39 - 000128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2019-07-11 03:34 - 2019-01-01 12:39 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2019-07-11 03:34 - 2018-12-07 23:47 - 000088576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2019-07-11 03:34 - 2018-12-07 23:47 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2019-07-11 03:34 - 2018-12-07 23:47 - 000024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys
2019-07-11 03:34 - 2018-11-11 14:01 - 000366824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2019-07-11 03:34 - 2018-11-11 13:58 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-07-11 03:34 - 2018-11-11 13:45 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-07-11 03:34 - 2018-10-27 00:42 - 000230400 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2019-07-11 03:34 - 2018-10-27 00:42 - 000202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2019-07-11 03:34 - 2018-10-27 00:42 - 000150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2019-07-11 03:34 - 2018-10-27 00:42 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\wshcon.dll
2019-07-11 03:34 - 2018-10-27 00:27 - 000173568 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2019-07-11 03:34 - 2018-10-27 00:27 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2019-07-11 03:34 - 2018-10-27 00:27 - 000121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2019-07-11 03:34 - 2018-10-27 00:11 - 000168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2019-07-11 03:34 - 2018-10-27 00:11 - 000156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2019-07-11 03:34 - 2018-10-27 00:04 - 000141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2019-07-11 03:34 - 2018-10-27 00:04 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2019-07-11 03:34 - 2018-10-27 00:04 - 000025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshcon.dll
2019-07-11 03:34 - 2018-10-06 13:03 - 000383720 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2019-07-11 03:34 - 2018-10-06 12:59 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2019-07-11 03:34 - 2018-10-06 12:58 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2019-07-11 03:34 - 2018-10-06 12:50 - 000309480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2019-07-11 03:34 - 2018-10-06 12:44 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2019-07-11 03:34 - 2018-10-06 12:43 - 000010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2019-07-11 03:34 - 2018-10-06 10:42 - 001988096 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2019-07-11 03:34 - 2018-10-06 10:05 - 002565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2019-07-11 03:34 - 2018-09-22 23:55 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2019-07-11 03:34 - 2018-09-22 23:54 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 001549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2019-07-11 03:34 - 2018-09-22 23:37 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2019-07-11 03:34 - 2018-09-22 23:34 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2019-07-11 03:34 - 2018-09-22 23:34 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2019-07-11 03:34 - 2018-09-22 23:33 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2019-07-11 03:34 - 2018-09-22 23:21 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2019-07-11 03:33 - 2019-03-06 00:14 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-07-11 03:33 - 2019-03-06 00:14 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-07-11 03:33 - 2019-03-06 00:10 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2019-07-11 03:33 - 2019-03-06 00:10 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2019-07-11 03:33 - 2019-03-06 00:10 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2019-07-11 03:33 - 2019-03-06 00:10 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2019-07-11 03:33 - 2019-03-06 00:10 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2019-07-11 03:33 - 2019-03-06 00:10 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2019-07-11 03:33 - 2019-03-06 00:01 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2019-07-11 03:33 - 2019-03-06 00:01 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2019-07-11 03:33 - 2019-03-06 00:01 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2019-07-11 03:33 - 2019-03-06 00:00 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2019-07-11 03:33 - 2019-03-06 00:00 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2019-07-11 03:33 - 2019-03-06 00:00 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2019-07-11 03:33 - 2019-03-05 23:45 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2019-07-11 03:33 - 2019-03-05 23:45 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2019-07-11 03:33 - 2019-03-05 23:44 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2019-07-11 03:33 - 2019-03-05 23:41 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2019-07-11 03:33 - 2019-03-05 23:40 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2019-07-11 03:33 - 2019-03-05 23:37 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2019-07-11 03:33 - 2019-03-05 23:37 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2019-07-11 03:33 - 2019-02-26 04:06 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2019-07-11 03:33 - 2019-02-22 00:07 - 000058880 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-07-11 03:33 - 2019-02-21 23:55 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-07-11 03:33 - 2019-02-21 23:35 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-07-11 03:33 - 2019-02-21 23:35 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-07-11 03:33 - 2019-02-16 03:02 - 000972288 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2019-07-11 03:33 - 2019-02-16 03:02 - 000878080 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-07-11 03:33 - 2019-02-16 03:02 - 000443904 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2019-07-11 03:33 - 2019-02-16 03:02 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2019-07-11 03:33 - 2019-02-16 02:50 - 000583680 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-07-11 03:33 - 2019-02-16 02:50 - 000321536 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2019-07-11 03:33 - 2019-02-16 02:50 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2019-07-11 03:33 - 2019-02-16 02:33 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2019-07-11 03:33 - 2019-02-16 01:10 - 000419608 _____ C:\windows\SysWOW64\locale.nls
2019-07-11 03:33 - 2019-02-16 01:10 - 000419608 _____ C:\windows\system32\locale.nls
2019-07-11 03:33 - 2019-02-15 13:09 - 000485888 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2019-07-11 03:33 - 2019-02-15 13:09 - 000355328 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2019-07-11 03:33 - 2019-02-15 13:09 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2019-07-11 03:33 - 2019-02-15 12:58 - 000382976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2019-07-11 03:33 - 2019-02-15 12:58 - 000320512 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2019-07-11 03:33 - 2019-02-15 12:40 - 000415744 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2019-07-11 03:33 - 2019-02-15 12:40 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2019-07-11 03:33 - 2019-02-15 12:40 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2019-07-11 03:33 - 2019-02-15 12:38 - 000360960 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2019-07-11 03:33 - 2019-02-15 12:38 - 000053760 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2019-07-11 03:33 - 2019-02-15 12:38 - 000028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2019-07-11 03:33 - 2019-02-15 12:38 - 000028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2019-07-11 03:33 - 2019-02-10 12:36 - 000205312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-07-11 03:33 - 2019-02-10 12:36 - 000195584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-07-11 03:33 - 2019-02-08 13:08 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2019-07-11 03:33 - 2019-02-08 13:08 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2019-07-11 03:33 - 2019-02-08 13:07 - 001133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2019-07-11 03:33 - 2019-02-08 12:59 - 000805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2019-07-11 03:33 - 2019-02-08 12:59 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2019-07-11 03:33 - 2019-02-08 12:59 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2019-07-11 03:33 - 2019-02-07 13:06 - 000027648 _____ (Microsoft Corporation) C:\windows\system32\brdgcfg.dll
2019-07-11 03:33 - 2019-02-07 13:06 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\bridgeres.dll
2019-07-11 03:33 - 2019-02-07 12:46 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\bridgeunattend.exe
2019-07-11 03:33 - 2019-01-11 23:36 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-07-11 03:33 - 2019-01-04 13:13 - 000143592 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2019-07-11 03:33 - 2019-01-04 13:07 - 000727040 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 002862592 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2019-07-11 03:33 - 2019-01-04 11:05 - 001635328 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000799744 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000623104 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000495616 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000451584 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-07-11 03:33 - 2019-01-04 11:05 - 000253952 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2019-07-11 03:33 - 2019-01-03 13:10 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2019-07-11 03:33 - 2019-01-03 12:55 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2019-07-11 03:33 - 2019-01-01 13:05 - 000025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2019-07-11 03:33 - 2019-01-01 12:58 - 000025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2019-07-11 03:33 - 2018-12-08 00:08 - 000095744 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
2019-07-11 03:33 - 2018-12-08 00:08 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\rasdiag.dll
2019-07-11 03:33 - 2018-12-08 00:08 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\ndptsp.tsp
2019-07-11 03:33 - 2018-12-08 00:08 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\kmddsp.tsp
2019-07-11 03:33 - 2018-12-08 00:08 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\rasmxs.dll
2019-07-11 03:33 - 2018-12-08 00:08 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\rasser.dll
2019-07-11 03:33 - 2018-12-07 23:56 - 000081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
2019-07-11 03:33 - 2018-12-07 23:56 - 000061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasdiag.dll
2019-07-11 03:33 - 2018-12-07 23:56 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\ndptsp.tsp
2019-07-11 03:33 - 2018-12-07 23:41 - 000038912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kmddsp.tsp
2019-07-11 03:33 - 2018-12-07 23:41 - 000033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasmxs.dll
2019-07-11 03:33 - 2018-12-07 23:41 - 000022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasser.dll
2019-07-11 03:33 - 2018-12-04 13:07 - 000194048 _____ (Microsoft Corporation) C:\windows\system32\itircl.dll
2019-07-11 03:33 - 2018-12-04 13:07 - 000170496 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-07-11 03:33 - 2018-12-04 12:55 - 000158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\itircl.dll
2019-07-11 03:33 - 2018-12-04 12:55 - 000142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-07-11 03:33 - 2018-12-02 13:06 - 000687616 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2019-07-11 03:33 - 2018-10-27 00:04 - 000015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\dispex.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000998480 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000918408 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000066000 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000063936 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000021968 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000020944 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000019408 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000017872 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000017856 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000017360 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000017352 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000016336 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000015824 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000015808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000015296 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000014312 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000014272 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000013768 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000013760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000013760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000013264 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012736 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012264 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012240 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012240 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012240 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012232 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000012024 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011752 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011728 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011728 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011512 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011216 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011216 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011216 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-07-11 03:33 - 2018-10-12 10:05 - 000011200 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-07-11 03:33 - 2018-10-06 12:59 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2019-07-11 03:33 - 2018-10-06 12:58 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2019-07-11 03:33 - 2018-10-06 12:58 - 000046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2019-07-11 03:33 - 2018-10-06 12:44 - 000111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2019-07-11 03:33 - 2018-10-06 12:43 - 000071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2019-07-11 03:33 - 2018-10-06 12:16 - 000034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2019-07-11 03:23 - 2019-07-11 03:23 - 000000000 ____D C:\Users\Marcela\AppData\Local\ESET
2019-07-10 20:32 - 2019-07-10 20:32 - 000000168 _____ C:\Users\Marcela\Desktop\esto.txt
2019-07-10 20:12 - 2019-07-10 20:12 - 000000924 _____ C:\Users\Marcela\Downloads\cc_20190710_201157.reg
2019-07-10 20:11 - 2019-07-10 20:11 - 000031296 _____ C:\Users\Marcela\Downloads\cc_20190710_201120.reg
2019-07-10 18:22 - 2019-07-10 18:22 - 000000298 _____ C:\Users\Marcela\Downloads\cc_20190710_182218.reg
2019-07-10 18:20 - 2019-07-10 18:20 - 000003114 _____ C:\Users\Marcela\Downloads\cc_20190710_182044.reg
2019-07-10 18:19 - 2019-07-10 18:19 - 000142068 _____ C:\Users\Marcela\Downloads\cc_20190710_181933.reg
2019-07-10 17:46 - 2019-07-10 17:46 - 000001079 _____ C:\AdwCleaner[S2].txt
2019-07-10 17:45 - 2019-07-10 17:45 - 000001017 _____ C:\Users\Marcela\Desktop\AdwCleaner[R3].txt
2019-07-10 17:44 - 2019-07-10 17:44 - 000001017 _____ C:\AdwCleaner[R3].txt
2019-07-10 17:42 - 2019-07-10 17:42 - 000000957 _____ C:\AdwCleaner[R2].txt
2019-07-10 17:40 - 2019-07-10 17:40 - 000027023 _____ C:\Users\Marcela\Desktop\Resultado Mbam.txt
2019-07-10 17:37 - 2019-02-16 02:32 - 000142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2019-07-10 17:37 - 2019-02-16 02:30 - 000123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2019-07-10 17:11 - 2019-07-10 17:11 - 000000000 ____D C:\Users\Marcela\AppData\Local\mbam
2019-07-10 17:09 - 2019-07-10 17:09 - 000199768 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2019-07-10 17:09 - 2019-07-10 17:09 - 000000000 ____D C:\Users\Marcela\AppData\Local\mbamtray
2019-07-10 17:08 - 2019-07-10 17:08 - 000001833 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-10 17:08 - 2019-07-10 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-10 17:08 - 2019-07-10 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-10 17:08 - 2019-07-10 17:08 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-10 17:08 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-07-10 16:43 - 2019-07-10 17:04 - 064488416 _____ (Malwarebytes ) C:\Users\Marcela\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11466 (1).exe
2019-07-10 16:28 - 2019-07-10 16:28 - 000001000 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-07-10 16:28 - 2019-07-10 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-07-10 16:28 - 2019-07-10 16:28 - 000000000 ____D C:\Program Files\VS Revo Group
2019-07-10 16:16 - 2019-07-10 16:19 - 007411912 _____ (VS Revo Group ) C:\Users\Marcela\Downloads\revosetup.exe
2019-07-10 14:10 - 2019-07-15 23:28 - 000000374 _____ C:\windows\system32\Drivers\etc\hosts.ics

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Fin de Frst.exe

   2019-07-16 00:26 - 2009-07-14 00:20 - 000000000 ____D C:\windows\system32\NDF
    2019-07-15 23:38 - 2009-07-14 01:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-07-15 23:38 - 2009-07-14 01:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-07-15 23:31 - 2016-04-04 00:22 - 000000000 ___RD C:\Users\Marcela\Google Drive
    2019-07-15 23:31 - 2015-11-17 22:26 - 000000000 ____D C:\Users\Marcela\AppData\Local\Spotify
    2019-07-15 23:31 - 2015-11-17 22:09 - 000000000 ____D C:\Users\Marcela\AppData\Roaming\Spotify
    2019-07-15 23:30 - 2014-08-24 04:00 - 000000000 ____D C:\Users\Marcela\AppData\Roaming\DropboxMaster
    2019-07-15 23:30 - 2014-08-24 03:57 - 000000000 ____D C:\Users\Marcela\AppData\Roaming\Dropbox
    2019-07-15 23:28 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
    2019-07-15 23:17 - 2016-03-31 21:25 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-07-15 23:17 - 2016-03-31 21:25 - 000002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-07-15 12:50 - 2018-04-10 23:59 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
    2019-07-15 03:27 - 2013-08-31 19:59 - 000000000 ____D C:\windows\system32\MRT
    2019-07-15 03:04 - 2012-06-17 16:13 - 136618864 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2019-07-15 01:54 - 2014-01-11 16:07 - 000004320 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2019-07-15 01:54 - 2012-09-15 17:36 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
    2019-07-15 01:54 - 2012-06-16 23:35 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2019-07-15 01:53 - 2012-09-15 17:35 - 000000000 ____D C:\windows\system32\Macromed
    2019-07-15 01:53 - 2012-06-16 23:31 - 000000000 ____D C:\windows\SysWOW64\Macromed
    2019-07-14 21:45 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf
    2019-07-14 21:12 - 2018-07-25 16:53 - 000000000 ____D C:\Users\Marcela\AppData\LocalLow\IObit
    2019-07-14 21:08 - 2014-01-11 17:42 - 000000000 ____D C:\AdwCleaner
    2019-07-14 20:15 - 2018-03-01 11:32 - 000000000 ____D C:\Users\Marcela\Desktop\cocina saludable
    2019-07-13 00:55 - 2009-07-14 00:20 - 000000000 ____D C:\windows\rescache
    2019-07-12 21:39 - 2015-08-09 21:07 - 000000000 ____D C:\Users\Public\Documents\Wondershare
    2019-07-12 21:16 - 2013-02-21 21:11 - 000000000 ____D C:\Users\Marcela\Documents\Cosas de mama
    2019-07-12 21:10 - 2013-06-29 15:53 - 000000000 ____D C:\Users\Marcela\Documents\Aplicaciones Microspft
    2019-07-12 20:37 - 2017-09-21 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2019-07-12 20:37 - 2016-04-04 00:20 - 000001966 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2019-07-12 20:37 - 2016-04-04 00:20 - 000001964 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2019-07-12 20:37 - 2016-04-04 00:20 - 000001954 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2019-07-12 19:17 - 2013-11-20 01:55 - 000003534 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-07-12 19:17 - 2013-11-20 01:55 - 000003406 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-07-12 18:23 - 2011-04-12 06:10 - 000696224 _____ C:\windows\system32\perfh00A.dat
    2019-07-12 18:23 - 2011-04-12 06:10 - 000144414 _____ C:\windows\system32\perfc00A.dat
    2019-07-12 18:23 - 2009-07-14 02:13 - 001652454 _____ C:\windows\system32\PerfStringBackup.INI
    2019-07-12 18:16 - 2009-07-14 01:45 - 000470088 _____ C:\windows\system32\FNTCACHE.DAT
    2019-07-12 18:12 - 2009-07-14 00:20 - 000000000 ____D C:\windows\SysWOW64\Dism
    2019-07-12 18:11 - 2014-12-12 10:50 - 000000000 ____D C:\windows\system32\appraiser
    2019-07-12 18:11 - 2014-05-07 03:40 - 000000000 ___SD C:\windows\system32\CompatTel
    2019-07-12 18:11 - 2009-07-14 00:20 - 000000000 ____D C:\windows\system32\Dism
    2019-07-11 03:20 - 2012-09-10 20:10 - 000000000 ____D C:\Program Files\CCleaner
    2019-07-11 03:05 - 2012-06-15 21:54 - 001627224 _____ C:\windows\SysWOW64\PerfStringBackup.INI
    2019-07-10 19:59 - 2016-03-31 15:50 - 000000000 ____D C:\Users\Marcela\AppData\Roaming\AVAST Software
    2019-07-10 19:56 - 2012-08-30 20:20 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-07-10 19:41 - 2015-12-03 19:50 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
    2019-07-10 18:15 - 2018-07-25 16:52 - 000000000 ____D C:\ProgramData\IObit
    2019-07-10 17:52 - 2018-07-25 16:54 - 000000000 ____D C:\ProgramData\ProductData
    2019-07-10 17:39 - 2014-01-04 00:41 - 000000000 ____D C:\Users\Marcela\Desktop\Programas
    2019-07-09 17:05 - 2010-11-21 00:27 - 000741432 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories ================

    2019-02-13 18:54 - 2019-02-13 18:54 - 007895040 _____ () C:\Program Files (x86)\GUT8095.tmp
    2014-01-10 20:33 - 2014-01-10 20:33 - 000000060 _____ () C:\Users\Marcela\AppData\Roaming\WB.CFG
    2012-05-03 08:12 - 2012-05-03 08:12 - 000000532 _____ () C:\Users\Marcela\AppData\Local\datos.txt
    2012-07-03 02:16 - 2013-06-16 23:59 - 000003584 _____ () C:\Users\Marcela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-11-03 11:20 - 2018-11-03 11:20 - 000000000 _____ () C:\Users\Marcela\AppData\Local\oobelibMkey.log
    2014-01-05 16:19 - 2014-01-05 16:19 - 000000017 _____ () C:\Users\Marcela\AppData\Local\resmon.resmoncfg
    2012-05-14 07:38 - 2012-05-14 07:38 - 000043976 _____ () C:\Users\Marcela\AppData\Local\save_en.bmp
    2012-05-14 07:38 - 2012-05-14 07:38 - 000043976 _____ () C:\Users\Marcela\AppData\Local\save_es.bmp
    2012-09-10 20:03 - 2012-09-10 20:03 - 000384835 _____ () C:\Users\Marcela\AppData\Local\speeddial.crx

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2012-12-26 21:26
    ==================== End of FRST.txt ============================

Este es el de Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Marcela (16-07-2019 00:54:00)
Running from C:\Users\Marcela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-16 11:44:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-626170639-4164473826-2000900811-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-626170639-4164473826-2000900811-1587 - Limited - Enabled)
Invitado (S-1-5-21-626170639-4164473826-2000900811-501 - Limited - Disabled)
Marcela (S-1-5-21-626170639-4164473826-2000900811-1000 - Administrator - Enabled) => C:\Users\Marcela

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.223 - Adobe)
Ahead Nero 6 Demo (32-bit) (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver 1.3 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.3 - OEM)
Dropbox (HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON T24 Series Printer Uninstall (HKLM\...\EPSON T24 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iCare Data Recovery Technician (HKLM-x32\...\{D6D90FAA-9BEC-405D-A7E5-92841D8BBD3A}_is1) (Version: 6.0 - iCare Recovery)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
InfoStat (HKLM-x32\...\{BB1C2EC8-3A63-4AF5-84D9-AD9DF23DC863}) (Version: 12 - Grupo InfoStat) Hidden
InfoStat (HKLM-x32\...\InfoStat) (Version: 12 - Grupo InfoStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.24.7 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.53.5 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (HKLM-x32\...\{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}) (Version: 1.0.0 - Motorola) Hidden
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin8 (HKLM-x32\...\{D7452A01-9BF9-4FFD-8B2E-650F713AE099}) (Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
OSD 1.10 (HKLM-x32\...\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}) (Version: 1.10 - OEM)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Regisoft Contabilidad y Gestión 2.3 (HKLM-x32\...\{10DB2FC8-8A41-45C1-AC43-5E1B5DE8F6D1}) (Version: 2.3.28 - Regisoft)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Spotify (HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
SysTools DBX Converter (HKLM-x32\...\SysTools DBX Converter v3.2 DEMO Version_is1) (Version:  - )
TrackMania Original Oro (HKLM-x32\...\TrackMania Original Oro) (Version:  - FX Interactive)
Webcam 1.5 (HKLM-x32\...\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}) (Version: 1.5 - OEM)
WinASO Registry Optimizer 4.7.7 (HKLM-x32\...\WinASO Registry Optimizer_is1) (Version:  - X.M.Y International LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Filmora(Build 8.5.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoo Tycoon 2 - Marine Mania (HKLM-x32\...\{B406605B-45FE-4D8F-8250-1E77479583AE}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zoo Tycoon 2 - Marine Mania (HKLM-x32\...\InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}) (Version: 1.00.0000 - Microsoft Game Studios)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_3\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_3\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_3\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_3\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_3\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-626170639-4164473826-2000900811-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll [2005-11-15] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-626170639-4164473826-2000900811-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-626170639-4164473826-2000900811-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-626170639-4164473826-2000900811-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2015-08-09 21:29 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-09 21:29 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2011-09-05 14:40 - 2010-09-13 18:28 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000113664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ctypes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000173568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_elementtree.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001800192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_hashlib.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000032256 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_multiprocessing.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000046080 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_psutil_windows.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000047616 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_socket.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 002230784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ssl.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026112 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_yappi.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000080896 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\bz2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 006277632 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\cello.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000014848 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\common.time34.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000007680 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\hashobjs_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000301568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\PIL._imaging.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000169472 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pyexpat.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001084416 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pysqlite2._sqlite.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000548864 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pythoncom27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137728 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pywintypes27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000010752 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\select.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\thumbnails_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000689664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\unicodedata.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000118784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\usb_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000128512 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32api.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000438784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32com.shell.shell.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000011776 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32crypt.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000023040 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32event.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000149504 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32file.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000223232 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32gui.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000048128 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32inet.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000029696 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pdh.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000027648 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pipe.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000044032 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32process.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32profile.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000136192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32security.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026624 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32ts.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000034304 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.conditional.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000038400 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.connectivity.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000073216 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.device_monitor.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000110592 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.volumes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.winwrap.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001325056 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._controls_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001489408 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._core_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001007104 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._gdi_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000103424 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._html2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000916992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._misc_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001039872 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._windows_.pyd
2019-07-11 03:34 - 2019-07-11 03:34 - 000169984 _____ () [File not signed] C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fc20ffcedaa7ff2f475520f5e26ea5b5\IsdiInterop.ni.dll
2011-09-05 14:42 - 2010-10-05 08:43 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-07-11 03:34 - 2019-07-11 03:34 - 000014336 _____ (Intel Corp.) [File not signed] C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4ded45704f10c739b65154d1a8db33d6\IAStorCommon.ni.dll
2011-09-05 14:42 - 2010-10-05 08:38 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2011-09-05 14:40 - 2010-09-13 18:29 - 000006656 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll
2011-09-05 14:40 - 2010-09-13 18:29 - 000032768 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorIcon.resources.dll
2011-09-05 14:40 - 2010-09-13 18:29 - 000004608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IntelVisualDesign.resources.dll
2011-09-05 14:40 - 2010-09-13 18:28 - 000165376 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2011-09-05 14:40 - 2010-09-13 18:28 - 001108480 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2011-09-05 14:40 - 2010-09-13 18:25 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2019-07-11 03:33 - 2019-07-11 03:33 - 000219136 _____ (Intel Corporation) [File not signed] C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\ab0fd4ffae76faf75b1e9ffc18863beb\IAStorDataMgr.ni.dll
2019-07-11 03:33 - 2019-07-11 03:33 - 000019968 _____ (Intel Corporation) [File not signed] C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\16d1a4365aff3c94f418ee6a5418b3d0\IAStorDataMgrSvc.ni.exe
2019-07-11 03:34 - 2019-07-11 03:34 - 000474624 _____ (Intel Corporation) [File not signed] C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1015e7abe9eea3484ce585e968404791\IAStorUtil.ni.dll
2001-06-20 13:14 - 2001-06-20 13:14 - 000188416 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itircl54.dll
2001-06-20 13:26 - 2001-06-20 13:26 - 000221184 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
2006-06-12 23:02 - 2006-06-12 23:02 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Encarta\Encarta 2007 Biblioteca Premium\custsat.dll
2012-06-17 16:03 - 2012-06-17 16:03 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2012-07-17 15:16 - 2012-07-17 15:16 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\python27.dll
2015-08-09 21:29 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_net_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_adv_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_core_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_html_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_webview_vc90_x64.dll

Continúa Addition:

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0CFE8F97 [254]
AlternateDataStreams: C:\ProgramData\TEMP:98181191 [143]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2019-07-10 16:00 - 000000846 _____ C:\windows\system32\drivers\etc\hosts


2019-07-10 14:10 - 2019-07-15 23:28 - 000000374 _____ C:\windows\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%PROGRAMFILES%\Internet Explorer
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk => C:\windows\pss\OSD.lnk.CommonStartup
MSCONFIG\startupreg: E07EDXRC_5145193 => "C:\Program Files (x86)\Microsoft Encarta\Encarta 2007 Biblioteca Premium\EDICT.EXE" -m
MSCONFIG\startupreg: Google Update => "C:\Users\Marcela\AppData\Local\Google\Update\GoogleUpdate.exe" /c

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7E399279-357A-415E-83C0-65D3D8E004A3}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [UDP Query User{E4020FA8-4EE3-4B83-99FB-4BCADD64E272}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{098E0E4B-3D6E-4866-8822-7E8A62D88589}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{E7C28966-D831-42BB-A36C-C58795098FA0}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{A61757C4-624D-4CF9-8729-08378AD3E020}] => (Allow) C:\Users\Marcela\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{97990A31-A5FD-48AD-94BF-DB57751452E8}C:\users\marcela\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marcela\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FE5A3454-6A06-4E97-9905-125355997E34}C:\users\marcela\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marcela\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{324EA12A-9BE1-4685-A334-520FF6CFF35E}C:\users\marcela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marcela\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7BEA2AAA-AFAE-4187-9D09-37D21B1FAC61}C:\users\marcela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marcela\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A0AE43FE-4B98-4C4A-8591-4FD85A14A752}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{155D783F-DE2B-484B-B8C0-ACCE30897AFD}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CD686FF-C341-48A7-B9E6-D8D199AACFCF}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9826B49-81FC-4DED-9942-DFF1B6284DF5}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1FCF50C-B5F3-4077-A95F-C61AEDF66F07}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A04369BB-5F71-48F8-BE98-5F4E0998079A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9A8D27F-E788-432E-97E1-A3C071F92D51}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{474D034F-927E-4141-B05A-2369D4BBF72E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E4533A27-94F3-40D9-AE58-D35774555127}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{0E2348C6-E632-41B4-AC69-5523653E486C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{F9736EA0-C737-4640-87C7-F2DBC7D10A43}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{43030B81-B705-4641-9B66-D5554E9C3764}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{497ACCF1-FDEF-4714-8A5D-50D6B0D903E9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{25B44AF1-0ACA-42FD-B4F3-539EED6272B5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B75496C1-FB18-4E88-8AE3-0A67561D620E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-06-2018 16:38:22 Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
13-06-2018 16:44:57 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
13-06-2018 16:51:22 Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
13-06-2018 16:58:07 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
03-07-2018 11:44:01 Punto de control programado
10-07-2018 20:29:51 Punto de control programado
25-07-2018 19:27:19 Instalado Zoo Tycoon 2 - Marine Mania
25-07-2018 19:45:54 Instalado Zoo Tycoon 2 - Extinct Animals
26-07-2018 07:06:21 Eliminado Zoo Tycoon 2 - Extinct Animals
26-07-2018 07:24:44 Instalado Zoo Tycoon 2 - African Adventure
26-07-2018 07:41:54 Instalado Zoo Tycoon 2 - Extinct Animals
26-07-2018 08:01:03 Instalado Zoo Tycoon 2 - Marine Mania
31-08-2018 20:07:10 Punto de control programado
08-10-2018 11:59:23 Windows Update
30-10-2018 14:32:19 Windows Update
03-11-2018 13:38:06 Windows Update
03-11-2018 16:35:58 Windows Update
04-11-2018 08:45:12 Windows Update
06-11-2018 18:12:11 Windows Update
09-12-2018 20:13:57 Windows Update
09-12-2018 21:33:32 Windows Update
02-04-2019 08:43:07 Windows Update
10-07-2019 13:33:38 Windows Update
10-07-2019 15:02:11 Windows Update
10-07-2019 17:57:03 Revo Uninstaller's restore point - IObit Uninstaller
10-07-2019 18:12:13 Revo Uninstaller's restore point - Advanced SystemCare 11
10-07-2019 19:04:18 Revo Uninstaller's restore point - Bing Bar
10-07-2019 19:39:29 Revo Uninstaller's restore point - Avast Free Antivirus
10-07-2019 19:55:25 Revo Uninstaller's restore point - Avast Cleanup Premium
10-07-2019 22:39:14 Windows Update
11-07-2019 03:00:45 Windows Update
11-07-2019 04:22:06 Windows Update
12-07-2019 18:22:49 Windows Update
13-07-2019 03:00:50 Windows Update
14-07-2019 03:00:32 Windows Update
14-07-2019 04:01:10 Windows Update
15-07-2019 03:00:36 Windows Update

==================== Faulty Device Manager Devices =============

Name: Controladora de bus serie universal(USB)
Description: Controladora de bus serie universal(USB)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2019 12:48:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa FRST64.exe, versión 15.7.2019.1, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1fd4

Hora de inicio: 01d53b88af2913c8

Hora de finalización: 10

Ruta de acceso de la aplicación: C:\Users\Marcela\Desktop\FRST64.exe

Identificador de informe: 608a35e9-a77c-11e9-9f48-80ee732122fd

Error: (07/16/2019 12:35:56 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/15/2019 11:28:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/15/2019 08:59:32 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1792) Al intentar abrir el archivo "C:\Users\Marcela\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (07/15/2019 04:53:47 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1792) Al intentar abrir el archivo "C:\Users\Marcela\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (07/15/2019 12:52:35 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/15/2019 12:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/15/2019 03:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AGSService.exe, versión: 6.3.1.77, marca de tiempo: 0x5d1d9e85
Nombre del módulo con errores: AGSService.exe, versión: 6.3.1.77, marca de tiempo: 0x5d1d9e85
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000ad5fc
Id. del proceso con errores: 0x670
Hora de inicio de la aplicación con errores: 0x01d53aa6ce51ac1a
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Id. del informe: 6b9fa1c5-a6cc-11e9-8965-80ee732122fd


System errors:
=============
Error: (07/16/2019 12:28:19 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 10:51:28 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 09:51:28 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 08:51:28 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 07:51:28 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 12:51:27 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 12:51:26 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (07/15/2019 12:41:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 5:40:58 del ‎15/‎07/‎2019 resultó inesperado.


Windows Defender:
===================================
Date: 2015-10-12 02:53:08.384
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{BE1730D2-1C6E-44D2-B001-70F228FB789D}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2015-10-04 09:19:05.280
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{FB72A926-2F0A-46D3-9270-E62CE5711801}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2015-08-31 02:39:03.502
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Diplugem&threatid=213571
Nombre:BrowserModifier:Win32/Diplugem
Id.:213571
Gravedad:Alta
Categoría:Modificador de explorador
Ruta de acceso encontrada:file:C:\Program Files (x86)\GoSave\r7Q26XRNaKQP2e.dat;file:C:\Program Files (x86)\GoSave\r7Q26XRNaKQP2e.tlb;file:C:\Program Files (x86)\GoSave\ZEbfynLkhx72MJ.dat;file:C:\Program Files (x86)\GoSave\ZEbfynLkhx72MJ.tlb;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.dat;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.exe;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.tlb;folder:C:\Program Files (x86)\GoSave\;folder:C:\Program Files (x86)\YoutubeAdBlocke\;interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC};interface:H
Tipo de detección:Concreto
Origen de detección:Sistema
Estado:Desconocido
Usuario:NT AUTHORITY\Servicio de red
Nombre de proceso:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-08-31 02:38:00.317
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Diplugem&threatid=213571
Nombre:BrowserModifier:Win32/Diplugem
Id.:213571
Gravedad:Alta
Categoría:Modificador de explorador
Ruta de acceso encontrada:file:C:\Program Files (x86)\GoSave\r7Q26XRNaKQP2e.dat;file:C:\Program Files (x86)\GoSave\r7Q26XRNaKQP2e.tlb;file:C:\Program Files (x86)\GoSave\ZEbfynLkhx72MJ.dat;file:C:\Program Files (x86)\GoSave\ZEbfynLkhx72MJ.tlb;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.dat;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.exe;file:C:\Program Files (x86)\YoutubeAdBlocke\hzZz6SoH4rZ59L.tlb;folder:C:\Program Files (x86)\GoSave\;folder:C:\Program Files (x86)\YoutubeAdBlocke\;interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC};regkey:HKLM
Tipo de detección:Concreto
Origen de detección:Sistema
Estado:Desconocido
Usuario:NT AUTHORITY\Servicio de red
Nombre de proceso:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-06-22 03:37:06.008
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{E5174859-5887-4B2E-B075-4D97FD58080D}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2014-01-04 00:37:41.254
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2014-01-04 00:27:47.754
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2014-01-03 22:26:21.599
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-10-12 22:37:19.319
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:19.309
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:19.294
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:19.228
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:18.767
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:18.754
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:18.741
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

Date: 2015-10-12 22:37:18.677
Description: 
Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1.04.NEW Test 09/05/2011
Motherboard: INTEL Corporation HURONRIVER
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 89%
Total physical RAM: 4005.7 MB
Available physical RAM: 424.01 MB
Total Virtual: 8009.54 MB
Available Virtual: 3177.31 MB

==================== Drives ================================

Drive c: (Philco) (Fixed) (Total:459.8 GB) (Free:241.42 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{0cc562c3-b798-11e1-b85d-806e6f6e6963}\ (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{0cc562c4-b798-11e1-b85d-806e6f6e6963}\ (Recovery) (Fixed) (Total:5.86 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 24D065D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.9 GB) - (Type=27)
Partition 3: (Not Active) - (Size=459.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hola Daniela espero hayan pasado bien. Espero no me aconsejes que la tire por el balcón. Agradezco mucho tu atención. Saludos

Hola

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación inicia tu equipo desde el Modo Seguro de Windows sin función de red

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: D - D:\juegos.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {498bd0cc-2855-11e2-a614-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {59caf3bb-73af-11e2-be01-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {647dae26-02db-11e4-b3dd-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fdc-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fea-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {8bc2bc47-f828-11e1-87fc-80ee732122fd} - E:\setup.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {B9DF0D16-4670-4C1C-BA7C-7568A1898138} - no filepath
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2DEF1DD6-F4AB-45D9-8BC7-D94A8863EBA6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> DefaultScope {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x¬ä¬ URL = 
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-14]
S3 cpuz143; \??\C:\windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
2019-07-15 23:29 - 2019-07-15 23:29 - 000113664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ctypes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000173568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_elementtree.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001800192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_hashlib.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000032256 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_multiprocessing.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000046080 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_psutil_windows.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000047616 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_socket.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 002230784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ssl.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026112 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_yappi.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000080896 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\bz2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 006277632 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\cello.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000014848 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\common.time34.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000007680 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\hashobjs_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000301568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\PIL._imaging.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000169472 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pyexpat.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001084416 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pysqlite2._sqlite.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000548864 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pythoncom27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137728 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pywintypes27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000010752 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\select.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\thumbnails_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000689664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\unicodedata.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000118784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\usb_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000128512 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32api.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000438784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32com.shell.shell.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000011776 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32crypt.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000023040 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32event.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000149504 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32file.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000223232 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32gui.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000048128 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32inet.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000029696 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pdh.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000027648 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pipe.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000044032 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32process.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32profile.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000136192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32security.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026624 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32ts.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000034304 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.conditional.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000038400 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.connectivity.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000073216 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.device_monitor.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000110592 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.volumes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.winwrap.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001325056 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._controls_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001489408 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._core_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001007104 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._gdi_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000103424 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._html2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000916992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._misc_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001039872 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._windows_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_net_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_adv_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_core_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_html_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_webview_vc90_x64.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0CFE8F97 [254]
AlternateDataStreams: C:\ProgramData\TEMP:98181191 [143]
FirewallRules: [TCP Query User{7E399279-357A-415E-83C0-65D3D8E004A3}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [UDP Query User{E4020FA8-4EE3-4B83-99FB-4BCADD64E272}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{098E0E4B-3D6E-4866-8822-7E8A62D88589}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{E7C28966-D831-42BB-A36C-C58795098FA0}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [TCP Query User{E4533A27-94F3-40D9-AE58-D35774555127}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{0E2348C6-E632-41B4-AC69-5523653E486C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{F9736EA0-C737-4640-87C7-F2DBC7D10A43}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{43030B81-B705-4641-9B66-D5554E9C3764}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

Hola Daniela: Paso el reporte FIXLOG.TXT

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Marcela (16-07-2019 15:11:11) Run:1
Running from C:\Users\Marcela\Desktop
Loaded Profiles: Marcela (Available Profiles: Marcela)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: D - D:\juegos.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {498bd0cc-2855-11e2-a614-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {59caf3bb-73af-11e2-be01-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {647dae26-02db-11e4-b3dd-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fdc-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {710f8fea-eb14-11e1-a3af-80ee732122fd} - E:\AutoRun.exe
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\...\MountPoints2: {8bc2bc47-f828-11e1-87fc-80ee732122fd} - E:\setup.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {B9DF0D16-4670-4C1C-BA7C-7568A1898138} - no filepath
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2DEF1DD6-F4AB-45D9-8BC7-D94A8863EBA6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> DefaultScope {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> {BB4E729C-15E7-47C8-A350-18EA46E1D64E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-626170639-4164473826-2000900811-1000 -> ۟��Z��2��pv�I��*X(�2s(���J��ӵ�� v˰!ח(�48иpatm6�o^Mp`���_i�w��!�����x�8��j��� ��;�a�[��8 �~�R�x���8'�-)x�� URL = 
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-14]
S3 cpuz143; \??\C:\windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
2019-07-15 23:29 - 2019-07-15 23:29 - 000113664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ctypes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000173568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_elementtree.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001800192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_hashlib.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000032256 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_multiprocessing.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000046080 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_psutil_windows.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000047616 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_socket.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 002230784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ssl.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026112 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_yappi.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000080896 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\bz2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 006277632 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\cello.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000014848 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\common.time34.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000007680 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\hashobjs_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000301568 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\PIL._imaging.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000169472 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pyexpat.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001084416 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pysqlite2._sqlite.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000548864 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pythoncom27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137728 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pywintypes27.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000010752 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\select.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\thumbnails_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000689664 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\unicodedata.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000118784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\usb_ext.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000128512 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32api.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000438784 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32com.shell.shell.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000011776 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32crypt.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000023040 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32event.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000149504 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32file.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000223232 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32gui.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000048128 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32inet.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000029696 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pdh.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000027648 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pipe.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000044032 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32process.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32profile.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000136192 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32security.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000026624 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32ts.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000034304 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.conditional.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000038400 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.connectivity.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000073216 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.device_monitor.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000110592 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.volumes.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000020480 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.winwrap.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001325056 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._controls_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001489408 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._core_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001007104 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._gdi_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000103424 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._html2.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000916992 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._misc_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 001039872 _____ () [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._windows_.pyd
2019-07-15 23:29 - 2019-07-15 23:29 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_net_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_adv_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_core_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_html_vc90_x64.dll
2019-07-15 23:29 - 2019-07-15 23:29 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_webview_vc90_x64.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0CFE8F97 [254]
AlternateDataStreams: C:\ProgramData\TEMP:98181191 [143]
FirewallRules: [TCP Query User{7E399279-357A-415E-83C0-65D3D8E004A3}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [UDP Query User{E4020FA8-4EE3-4B83-99FB-4BCADD64E272}C:\program files (x86)\trackmania original oro\tmoriginal.exe] => (Allow) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{098E0E4B-3D6E-4866-8822-7E8A62D88589}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [{E7C28966-D831-42BB-A36C-C58795098FA0}] => (Block) C:\program files (x86)\trackmania original oro\tmoriginal.exe () [File not signed]
FirewallRules: [TCP Query User{E4533A27-94F3-40D9-AE58-D35774555127}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{0E2348C6-E632-41B4-AC69-5523653E486C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{F9736EA0-C737-4640-87C7-F2DBC7D10A43}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{43030B81-B705-4641-9B66-D5554E9C3764}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => removed successfully
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{498bd0cc-2855-11e2-a614-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{498bd0cc-2855-11e2-a614-80ee732122fd} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59caf3bb-73af-11e2-be01-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{59caf3bb-73af-11e2-be01-80ee732122fd} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{647dae26-02db-11e4-b3dd-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{647dae26-02db-11e4-b3dd-80ee732122fd} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{710f8fdc-eb14-11e1-a3af-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{710f8fdc-eb14-11e1-a3af-80ee732122fd} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{710f8fea-eb14-11e1-a3af-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{710f8fea-eb14-11e1-a3af-80ee732122fd} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc2bc47-f828-11e1-87fc-80ee732122fd} => removed successfully
HKLM\Software\Classes\CLSID\{8bc2bc47-f828-11e1-87fc-80ee732122fd} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9DF0D16-4670-4C1C-BA7C-7568A1898138}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DEF1DD6-F4AB-45D9-8BC7-D94A8863EBA6} => removed successfully
HKLM\Software\Classes\CLSID\{2DEF1DD6-F4AB-45D9-8BC7-D94A8863EBA6} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB4E729C-15E7-47C8-A350-18EA46E1D64E} => removed successfully
HKLM\Software\Classes\CLSID\{BB4E729C-15E7-47C8-A350-18EA46E1D64E} => not found
HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\۟��Z��2��pv�I��*X(�2s(���J��ӵ�� v˰!ח(�48иpatm6�o^Mp`���_i�w��!�����x�8��j��� ��;�a�[��8 �~�R�x���8'�-)x�� => invalid subkey removed.
HKLM\Software\Classes\CLSID\۟��Z��2��pv�I��*X(�2s(���J��ӵ�� v˰!ח(�48иpatm6�o^Mp`���_i�w��!�����x�8��j��� ��;�a�[��8 �~�R�x���8'�-)x�� => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC}" => removed successfully
HKLM\Software\Classes\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => removed successfully
HKLM\Software\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-14] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
HKLM\System\CurrentControlSet\Services\esgiguard => removed successfully
esgiguard => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgp => removed successfully
motccgp => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgpfl => removed successfully
motccgpfl => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt => removed successfully
HKLM\Software\Classes\CLSID\{4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ctypes.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_elementtree.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_hashlib.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_multiprocessing.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_psutil_windows.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_socket.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_ssl.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\_yappi.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\bz2.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\cello.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\common.time34.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\hashobjs_ext.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\PIL._imaging.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pyexpat.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pysqlite2._sqlite.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pythoncom27.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\pywintypes27.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\select.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\thumbnails_ext.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\unicodedata.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\usb_ext.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32api.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32com.shell.shell.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32crypt.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32event.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32file.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32gui.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32inet.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pdh.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32pipe.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32process.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32profile.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32security.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\win32ts.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.conditional.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.connectivity.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.device_monitor.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.volumes.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\windows.winwrap.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._controls_.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._core_.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._gdi_.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._html2.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._misc_.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wx._windows_.pyd" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_net_vc90_x64.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxbase30u_vc90_x64.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_adv_vc90_x64.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_core_vc90_x64.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_html_vc90_x64.dll" => not found
"C:\Users\Marcela\AppData\Local\Temp\_MEI16002\wxmsw30u_webview_vc90_x64.dll" => not found
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\TEMP => ":0CFE8F97" ADS removed successfully
C:\ProgramData\TEMP => ":98181191" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E399279-357A-415E-83C0-65D3D8E004A3}C:\program files (x86)\trackmania original oro\tmoriginal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E4020FA8-4EE3-4B83-99FB-4BCADD64E272}C:\program files (x86)\trackmania original oro\tmoriginal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{098E0E4B-3D6E-4866-8822-7E8A62D88589}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7C28966-D831-42BB-A36C-C58795098FA0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E4533A27-94F3-40D9-AE58-D35774555127}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0E2348C6-E632-41B4-AC69-5523653E486C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9736EA0-C737-4640-87C7-F2DBC7D10A43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43030B81-B705-4641-9B66-D5554E9C3764}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-626170639-4164473826-2000900811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-626170639-4164473826-2000900811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16856135 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 19151152 B
Edge => 0 B
Chrome => 39100438 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 87718 B
Public => 0 B
ProgramData => 0 B
systemprofile => 250079499 B
systemprofile32 => 93937 B
LocalService => 16384 B
NetworkService => 0 B
Marcela => 80658453 B

RecycleBin => 22393 B
EmptyTemp: => 387.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:12:04 ====

Agradezco muchísimo tu ayuda, ahora la reviso un poco y te cuento como va. Que pases un hermoso día.

Hola: la note parece otra, anda mucho mejor. Todavía demora mucho en el inicio pero no saqué programas que se ve arrancan desde ahí pero no hice modificaciones hasta que me des el ok. Al apagar demora mucho y sigue saliendo el cartel que debo esperar que cierren todos los programas y no hay nada abierto. Tampoco instalé un antivirus, espero poner Kaspersky. Tenes alguna otra sugerencia de otro programa antivirus? Espero ver que te pareció el resultado del último análisis y nuevamente muchísimas gracias. Saludos

Hola

Kaspersky es un buen antivirus, no se que versión tenías si la gratuita o la de pago, si es la de pago … que no esté pirateada porque no te servirá de mucho.

Vamos que programas se inician en el arranque:

Abre CCleaner > Herramientas > Inicio. En la pestaña Windows, presiona Guardar a un archivo de texto. Guárdalo con el nombre de “inicio

Luego ve a Herramientas, Inicio, Tareas Programadas, Guardar a un archivo de texto, guárdalo con el nombre de “tareas

Pon los dos informes en tu próxima respuesta.

Un saludo