Infectado por Malware Adware.MailRu.BatBitRst

Hola. Hace meses Malwarebytes me encontró este Malware, y desde entonces busco la manera de eliminarlo sin lograrlo. Hoy os he leído y me parece encomiable la labor que hacéis, muy meticulosa y de tener muchos conocimientos. Me gustaría pediros ayuda, a ver si pudiéramos eliminarlo, pues cada día me cambia configuraciones, etc. La ruta donde está el archivo infectado es C:\USERS\YO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences. Lo elimino y al cabo de un rato…vuelve a estar ahí !.

image.png1318×342 25.8 KB

He pasado todos los programas que comentáis en otros post, pero me quedo donde enviáis un script “a medida”, advirtiendo que solo es para esa persona y ordenador concreto.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/7/19
Hora del análisis: 2:52
Archivo de registro: b08a8ebb-a5d1-11e9-a8a1-10bf4893aef3.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11536
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 18362.239)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 309228
Amenazas detectadas: 1
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 min, 50 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Adware.MailRu.BatBitRst, C:\USERS\YO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, [336], [481467],1.0.11536

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Muchas gracias por vuestra ayuda, un saludo.

Hola @Galeon

Malwarebytes no lo elimina, da error en la eliminación.

Vas a volver a realizar un análisis pero personalizado.

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

• Realiza un Análisis de amenazas, actualizando si te lo pide.
• Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
• En el apartado del manual Informes Informe de análisis encontrarás el reporte de MBAM, clic en Exportar Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

• Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus.
• Cierra también todos los programas que tengas abiertos.
• Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
• Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
• Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
• Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
• El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

• Instala Ccleaner
• Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine clic en ejecutar limpiador
• Clic en la pestaña Registro clic en buscar problemas esperas que termine clic en Reparar Seleccionadas y haces una copia de seguridad
• Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/7/19
Hora del análisis: 5:19
Archivo de registro: 207e6f35-a5e6-11e9-8d26-10bf4893aef3.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11536
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 18362.239)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 309210
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 2 min, 55 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Adware.MailRu.BatBitRst, C:\USERS\YO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [336], [481467],1.0.11536

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-12-2019
# Duration: 00:00:17
# OS:       Windows 8 Pro
# Scanned:  27557
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DriverBooster      C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\Users\Yo\AppData\Roaming\IOBIT\Driver Booster

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Yo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
PUP.Optional.Legacy             C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1555 octets] - [25/06/2019 05:56:16]
AdwCleaner[C00].txt - [1581 octets] - [25/06/2019 05:57:04]
AdwCleaner[S01].txt - [1675 octets] - [01/07/2019 06:10:19]
AdwCleaner[S02].txt - [1736 octets] - [02/07/2019 12:10:39]
AdwCleaner[S03].txt - [1797 octets] - [02/07/2019 18:08:17]
AdwCleaner[S04].txt - [1858 octets] - [11/07/2019 16:01:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########

Después de limpiar estos cuatro malwares…estuvo media hora reiniciando el portátil y al final lo tuve que apagar forzado. Y en el informe pone que es Windows 8, cuando es Windows 10 Home. Venga un saludo y sigo haciendo lo que me pediste.

Ccleaner Terminado. Bien, en estos minutos entre prueba y prueba he vuelto a pasar el Malwarebytes. El archivo infectado ya se ha vuelto a reproducir!, está oooootra vez en su sitio. Qué mas podemos hacer?

image.png1346×340 24.5 KB

Hola

El reporte de AdwCleaner no es de hoy, vuelve a ejecutarlo y recuerda limpiar si detecta algo.

Pon el reporte y comenta como sigue el problema.

Un saludo

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/7/19
Hora del análisis: 5:47
Archivo de registro: 1b9e85f4-a5ea-11e9-b8f7-10bf4893aef3.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11536
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 18362.239)
CPU: x64
Sistema de archivos: NTFS
Usuario: G7VTSH5\Yo

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 318174
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 1 min, 56 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Adware.MailRu.BatBitRst, C:\USERS\YO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [336], [481467],1.0.11536

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

El reporte no es de hoy pero es uno igual. Al tener que forzar el reinicio, se ha borrado. Esto mismo lo he hecho infinidad de veces y me da miedo tener que forzar reinicio, pues una vez ya salió “pantalla azul de la muerte”, y tuve que formatear y reinstalar todo… No obstante, si quieres lo repito.

Listo!. Todos los Malwares se habían reproducido.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-14-2019
# Duration: 00:00:10
# OS:       Windows 10 Home
# Scanned:  27557
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DriverBooster      C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\Users\Yo\AppData\Roaming\IOBIT\Driver Booster

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Yo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
PUP.Optional.Legacy             C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1555 octets] - [25/06/2019 05:56:16]
AdwCleaner[C00].txt - [1581 octets] - [25/06/2019 05:57:04]
AdwCleaner[S01].txt - [1675 octets] - [01/07/2019 06:10:19]
AdwCleaner[S02].txt - [1736 octets] - [02/07/2019 12:10:39]
AdwCleaner[S03].txt - [1797 octets] - [02/07/2019 18:08:17]
AdwCleaner[S04].txt - [1858 octets] - [11/07/2019 16:01:35]
AdwCleaner[S05].txt - [1919 octets] - [12/07/2019 18:44:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

Hola Daniela. Por lo que veo, parece que Adware.MailRu.BatBitRst hace que se reproduzcan otros archivos nocivos, aparte de él mismo. Ufffff, ya no se que hacer… El PC sigue como al principio, cada vez que reinicio por lo que sea, hay algo cambiado.

A ver que mas podemos hacer…gracias

Hola

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

• Ejecuta FRST.exe.
• En el mensaje de la ventana del Disclaimer, pulsamos Yes
• En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
• Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

No realices ningún otro análisis por tu cuenta mientras no vuelva con una respuesta.

Un saludo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019
Ran by Yo (administrator) on G7VTSH5 (ASUSTeK COMPUTER INC. K55VD) (14-07-2019 09:33:38)
Running from F:\.DESCARGAS DE NUEVO SOFTWARE
Loaded Profiles: Yo & UpdatusUser (Available Profiles: Yo & UpdatusUser)
Platform: Windows 10 Home Version 1903 18362.175 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ImDisk\RamDyn.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) [File not signed] C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2000-01-01] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1063200 2000-01-01] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2012946483-35698697-1665133936-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-06-18] (Invincea, Inc. -> Sandboxie Holdings, LLC) [File not signed]
HKU\S-1-5-21-2012946483-35698697-1665133936-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar487.lnk [2019-07-14]
ShortcutTarget: Sidebar487.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-x32: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EFD3FCB-C309-47A0-BFC4-4DA10C51CF71} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {1A5CDC3E-95F7-45DE-9E87-85481655DDB5} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2088EF44-F92E-4496-B7E0-D6D877D799B1} - System32\Tasks\USBChargerPlusUWP => C:\Program Files (x86)\ASUS\USB Charger Plus Service\StartupUSBChargerPlus.exe [150416 2018-07-04] (ASUSTeK Computer Inc. -> )
Task: {22DFDA5E-78F2-463D-ABBE-F2C1BA447D71} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18232 2014-03-31] (ASUSTeK Computer Inc. -> AsusTek)
Task: {2689789E-9B3A-4099-AC60-D3237E63CC9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {29DE66E1-B4DC-4A26-8060-560EEEF268A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3DE13885-B2DC-4824-A951-AE3F50ABA1D3} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {5598575E-A560-449B-9B3D-D44285B62696} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [656960 2019-07-08] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {56CE0990-7FE8-4918-A977-E9732AB94DC3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {59541CCF-EE12-4AF0-AF59-5CB4F95A0BD5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {59D6A5E5-393B-43A7-B04C-E9E1C4A5063B} - System32\Tasks\Opera scheduled Autoupdate 1557550227 => C:\Users\Yo\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-06-26] (Opera Software AS -> Opera Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5B00491C-C385-486C-8257-E86E1DE7E6E4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9FB46494-B43C-46C7-9074-6BC293E5C19D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {A45D42CC-F324-485F-8F84-A943F9A57C4F} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3443568 2018-07-26] (Easeware Technology Limited -> Easeware)
Task: {AB5CE49C-0753-48D1-BC43-958442E4E36A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {B7FBBEEB-DFF4-4E99-95A4-822D4DD514D8} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {E2FCC35C-C1D8-4DF3-9ADA-404E2C55471C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
Task: {F346B55D-C973-4177-9ACF-4EC3FA5040CA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F37ECC29-FB5E-464E-A04C-F57662675F6C} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [656960 2019-07-08] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{7C90ABB4-724C-40F3-A0CE-9738EF60704E}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{7C90ABB4-724C-40F3-A0CE-9738EF60704E}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2012946483-35698697-1665133936-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2012946483-35698697-1665133936-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.es/advanced_search
CHR Profile: C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default [2019-07-14]
CHR Extension: (Presentaciones) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-11]
CHR Extension: (Simple Allow Copy) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefehdhdciieocakfobpaaolhipkcpgc [2019-07-14]
CHR Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2019-05-11]
CHR Extension: (Universal Bypass) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-07-14]
CHR Extension: (Documentos) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-11]
CHR Extension: (Google Drive) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-11]
CHR Extension: (xXNurioXx) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpeohkfimdfogdnpcnokjkbpankkmil [2019-05-28]
CHR Extension: (YouTube) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-11]
CHR Extension: (I'm not robot captcha clicker) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc [2019-05-28]
CHR Extension: (Tampermonkey) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-05-19]
CHR Extension: (TSR Ad Skipper) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekenfibegpnbagmldepdeajhbgodbae [2019-05-28]
CHR Extension: (Hojas de cálculo) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-11]
CHR Extension: (AdBlock) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-14]
CHR Extension: (adf.ly KILLER) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipinfggejlkpkomnccoocbdndjalicp [2019-05-28]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2019-05-11]
CHR Extension: (Classic Blue) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-07-01]
CHR Extension: (Prompts by Story Wars) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndafjiogibbbdghmbijdgncijcloklod [2019-06-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-11]
CHR Extension: (AdFly Skipper) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2019-05-28]
CHR Extension: (Speedtest by Ookla) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2019-05-11]
CHR Extension: (Gmail) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]
CHR Extension: (RightToCopy) - C:\Users\Yo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2019-05-28]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2019-06-14] (Microsoft Windows -> Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40016 2019-04-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [316760 2019-06-15] (Intel(R) pGFX -> Intel Corporation)
S2 ImDiskImg; C:\Program Files\ImDisk\MountImg.exe [55296 2019-04-07] () [File not signed]
S2 ImDiskRD; C:\Program Files\ImDisk\RamDiskUI.exe [66560 2019-04-07] () [File not signed]
S3 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [31544 2018-11-19] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-25] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15121184 2000-01-01] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 USBChargerService; C:\Program Files (x86)\ASUS\USB Charger Plus Service\USBChargerService.exe [120720 2018-07-04] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiCharger; C:\WINDOWS\System32\DRIVERS\AiCharger.sys [29312 2017-10-25] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2019-07-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2019-06-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4321160 2019-06-14] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2019-06-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [54152 2019-04-22] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [34184 2019-06-14] (ASUSTeK Computer Inc. -> ASUS)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [48672 2017-06-19] (IObit Information Technology -> IObit)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [75600 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [125568 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [91472 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [236672 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1093248 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197464 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1168000 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58704 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [60536 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [60784 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50304 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [46416 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [104576 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [184960 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [218240 2019-07-01] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [337632 2019-06-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-15] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-18] (Zemana Ltd. -> Zemana Ltd.)
S3 cpuz140; \??\C:\Users\Yo\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-14 09:33 - 2019-07-14 09:33 - 000000000 ____D C:\FRST
2019-07-14 08:42 - 2019-07-14 09:21 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-14 08:42 - 2019-07-14 09:21 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-14 08:42 - 2019-07-14 08:42 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-14 08:42 - 2019-07-14 08:42 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-14 08:33 - 2019-07-14 08:33 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2019-07-14 08:33 - 2019-07-14 08:33 - 000003536 _____ C:\WINDOWS\System32\Tasks\AMHelper
2019-07-14 08:33 - 2019-07-14 08:33 - 000002566 _____ C:\WINDOWS\System32\Tasks\AMSkipUAC
2019-07-14 08:33 - 2019-07-14 08:33 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-07-14 08:33 - 2019-07-14 08:33 - 000000000 ____D C:\Users\Yo\AppData\Local\Temp\w7uc\Comet.{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-07-14 08:33 - 2019-07-14 08:33 - 000000000 ____D C:\Program Files (x86)\Zemana
2019-07-14 08:32 - 2019-07-14 08:33 - 000000000 ____D C:\Users\Yo\AppData\Local\AMSDK
2019-07-01 23:52 - 2019-07-01 23:52 - 000000000 ____D C:\Users\Yo\AppData\Local\PackageStaging
2019-07-01 19:31 - 2019-07-01 19:31 - 000001082 _____ C:\Users\Yo\Desktop\Registry Editor.lnk
2019-07-01 09:53 - 2019-07-01 09:53 - 000001015 _____ C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\regedit.lnk
2019-07-01 07:30 - 2019-07-01 07:30 - 000000000 ____D C:\Program Files\PowerShell
2019-07-01 06:55 - 2019-07-01 06:55 - 000000000 ____D C:\Users\Yo\Desktop\Leona
2019-07-01 06:41 - 2019-07-01 06:41 - 000000000 ____D C:\easeus_tb_cloud
2019-07-01 05:19 - 2019-07-01 05:19 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-01 05:13 - 2019-07-01 05:13 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-07-01 05:03 - 2019-07-01 05:03 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-07-01 05:03 - 2019-07-01 05:03 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-07-01 05:03 - 2019-07-01 05:03 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-07-01 05:03 - 2019-07-01 05:03 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-07-01 05:03 - 2019-07-01 05:03 - 000001274 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2019-07-01 05:02 - 2019-07-01 05:15 - 001168000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-07-01 05:02 - 2019-07-01 05:15 - 001093248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-07-01 05:02 - 2019-07-01 05:15 - 000236672 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-07-01 05:02 - 2019-07-01 05:15 - 000152288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2019-07-01 05:02 - 2019-07-01 05:03 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-07-01 05:02 - 2019-07-01 05:02 - 000002268 _____ C:\Users\Public\Desktop\Safe Money.lnk
2019-07-01 05:02 - 2019-07-01 05:02 - 000002220 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2019-07-01 05:02 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-07-01 04:44 - 2019-07-01 04:44 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-01 04:44 - 2019-07-01 04:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-01 04:44 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-01 04:44 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-25 19:22 - 2019-06-25 19:22 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-06-25 13:11 - 2019-06-25 13:11 - 000003416 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2019-06-25 07:00 - 2019-07-01 04:44 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-25 06:25 - 2019-06-25 06:25 - 000000731 _____ C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.3.lnk
2019-06-25 06:22 - 2019-06-25 05:50 - 007025360 _____ (Malwarebytes) C:\Users\Yo\Desktop\adwcleaner_7.3.exe
2019-06-25 05:51 - 2019-06-25 05:57 - 000000000 ____D C:\AdwCleaner
2019-06-25 04:12 - 2019-06-25 04:12 - 000000000 ____D C:\ProgramData\ASUS
2019-06-25 04:06 - 2019-06-25 04:06 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-06-25 03:46 - 2019-06-25 03:46 - 000000000 ____D C:\Program Files\Windows Defender
2019-06-25 03:46 - 2019-06-25 03:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-24 21:08 - 2019-06-24 21:08 - 000001769 _____ C:\Users\Yo\Desktop\USBChargerPlus.exe - Acceso directo.lnk
2019-06-24 20:42 - 2019-06-24 20:42 - 000000000 ____D C:\WINDOWS\Panther
2019-06-24 19:54 - 2019-06-24 19:54 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2019-06-24 19:54 - 2008-04-14 02:11 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2019-06-24 19:54 - 2001-08-23 13:00 - 000034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2019-06-24 18:09 - 2019-06-24 18:09 - 000002257 _____ C:\Users\Yo\Desktop\WhatsApp.lnk
2019-06-24 18:09 - 2019-06-24 18:09 - 000000000 ____D C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-06-24 18:09 - 2019-06-24 18:09 - 000000000 ____D C:\Users\Yo\AppData\Local\WhatsApp
2019-06-24 17:31 - 2019-06-24 17:31 - 000001275 _____ C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner64.lnk
2019-06-24 16:43 - 2019-07-14 09:34 - 000096463 _____ C:\WINDOWS\ZAM.krnl.trace
2019-06-24 16:43 - 2019-07-14 09:34 - 000061493 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-06-24 13:10 - 2019-07-01 09:20 - 000000000 ____D C:\Users\Yo\AppData\Roaming\WhatsApp
2019-06-24 13:10 - 2019-06-24 18:09 - 000000000 ____D C:\Users\Yo\AppData\Local\SquirrelTemp
2019-06-24 08:46 - 2019-06-25 05:26 - 000001752 _____ C:\Users\Yo\Desktop\Descargas Central.lnk
2019-06-24 04:59 - 2019-06-24 04:59 - 000000827 _____ C:\Users\Yo\Desktop\Música del equipo - Acceso directo.lnk
2019-06-22 10:25 - 2019-06-22 10:47 - 000000000 ____D C:\Users\Yo\VirtualBox VMs
2019-06-22 10:21 - 2019-06-22 10:21 - 000000000 ____D C:\ProgramData\VirtualBox
2019-06-22 10:20 - 2019-06-22 10:48 - 000000000 ____D C:\Users\Yo\.VirtualBox
2019-06-20 10:32 - 2019-06-20 10:32 - 000000000 ___RD C:\Users\Yo\3D Objects
2019-06-20 10:21 - 2019-06-20 10:21 - 025902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 025445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 022610944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 018006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 017786368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 009917992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 008010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007887656 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007831368 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007757312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007275008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007241800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007103488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 007006720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006536976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006381568 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006225832 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006141440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006068328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 006036480 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005939712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005745504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005071360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 005014016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004577280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 004553616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004128904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004034048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 004008448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003915752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003734456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003725824 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 003684864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003525080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003486208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003373256 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 003094528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002990392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 002769976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002763312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-06-20 10:21 - 2019-06-20 10:21 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-06-20 10:21 - 2019-06-20 10:21 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 002698552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-06-20 10:21 - 2019-06-20 10:21 - 002694144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002587328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002550584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002449456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002178048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002117168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 002081464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001999440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001954952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001944064 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001940952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001853440 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001754024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-20 10:21 - 2019-06-20 10:21 - 001745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001721344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001688576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001647584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001510960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001509728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-20 10:21 - 2019-06-20 10:21 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-06-20 10:21 - 2019-06-20 10:21 - 001493944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

Hola

No lo has descargado y ejecutado desde el escritorio como te indiqué, y si tampoco lo has hecho en la unidad principal de la C:/

Lo vas a mover al escrito de la unidad C:/ y el analizas de nuevo.

Un saludo

Buenos días: El sistema ya es casi incontrolable. Hace cambios por doquier y ayer vi que estoy enviando mucho tráfico inusual a la red. Me avisó Google y otros, pero bueno vamos por partes. Tengo un montón de Scripts y cambios en el registro de una época que se hacía mucho y ya no sé ni donde están. No sé casi nada de informática y se me complicaron las cosas, y por toquetear pago un alto precio. Ayer el foro ya no me dejó seguir escribiendo…por ser el primer día?. Bueno, te mando cosas. Saludos.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2019
Ran by galeo (15-07-2019 04:42:10)
Running from C:\Users\galeo\Desktop
Windows 10 Pro Version 1903 18362.239 (X64) (2019-06-01 04:41:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3519385873-1241429883-2487059262-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3519385873-1241429883-2487059262-503 - Limited - Disabled)
galeo (S-1-5-21-3519385873-1241429883-2487059262-1001 - Administrator - Enabled) => C:\Users\galeo
Invitado (S-1-5-21-3519385873-1241429883-2487059262-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3519385873-1241429883-2487059262-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
Anti-WebMiner version 1.1 (HKLM-x32\...\{F63D1DFD-E9A7-4B86-832E-C7935F218489}_is1) (Version: 1.1 - Greatis Software)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.2 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.)
AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1158 - AVG Technologies)
Bandizip (HKLM\...\Bandizip) (Version: 6.24 - Bandisoft.com)
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
Desinstalar impresora EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
EaseUS Todo Backup Free 11.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.5 - CHENGDU YIWO Tech Development Co., Ltd)
EdgeDeflector (HKLM-x32\...\EdgeDeflector) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20190407 - )
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTube Studio(Build 7.4.3.1) (HKLM-x32\...\iTube Studio_is1) (Version: 7.4.3.1 - iTube Studio)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
OpenOffice 4.1.6 (HKLM-x32\...\{ABA77258-70D6-4A14-9AB7-3FA087C470DB}) (Version: 4.16.9790 - Apache Software Foundation)
Opera Stable 62.0.3331.43 (HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Opera 62.0.3331.43) (Version: 62.0.3331.43 - Opera Software)
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0022 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8648 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
USB Charger Plus Service (HKLM-x32\...\{452B3493-18D3-4B36-9F59-78AF7963FFCC}) (Version: 5.0.6 - ASUS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\WhatsApp) (Version: 0.3.3793 - WhatsApp)
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WizFile v2.06 (HKLM\...\WizFile_is1) (Version: 2.06 - Antibody Software)
WizTree v3.29 (HKLM\...\WizTree_is1) (Version: 3.29 - Antibody Software)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.3.3794.0_x64__cv1g1gvanyjgm [2019-07-11] (WhatsApp Inc.)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MattHafner.WifiAnalyzer_2.4.1.0_x64__gs5k5vmxr2ste [2019-07-11] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3519385873-1241429883-2487059262-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Users\galeo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll (AddGadgets IT -> )
CustomCLSID: HKU\S-1-5-21-3519385873-1241429883-2487059262-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\galeo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-3519385873-1241429883-2487059262-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\galeo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-3519385873-1241429883-2487059262-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft -> Bandisoft.com)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-06-04 22:38 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll
2010-04-04 23:08 - 2010-04-04 23:08 - 001253376 _____ (Florian Gilles) [File not signed] C:\Program Files\NetSpeedMonitor\nsm.dll
2013-11-21 08:31 - 2013-11-21 08:31 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-11-21 08:31 - 2013-11-21 08:31 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2019-06-04 20:59 - 2012-05-19 06:16 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-06-01 07:32 - 2019-07-14 22:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2019-06-01 15:22 - 2019-06-04 10:15 - 000000532 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.71.212 918b143d-0a98-46e8-8c9b-458dfe63240f.mshome.net # 2019 6 2 11 8 15 59 955
192.168.71.209 DESKTOP-VTBCMKI.mshome.net # 2024 6 0 2 8 15 59 955

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\Control Panel\Desktop\\Wallpaper -> F:\.DESCARGAS DE NUEVO SOFTWARE\rBVaWVzBjqyAF5BJAAukalK2PrE808.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Configurar RamDisk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar660.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar406.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar320.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar110.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar486.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar761.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar537.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar264.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar457.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar621.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar192.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar405.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "Epson Stylus SX218"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E8E76637-FBF3-4B8C-A7A6-7DF98449D32F}] => (Allow) C:\Users\galeo\AppData\Local\Programs\Opera\62.0.3331.18\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1CE89420-E475-40E0-9B06-7E2A899C35C0}] => (Allow) C:\Users\galeo\AppData\Local\Programs\Opera\62.0.3331.43\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{FBF09C26-4532-4F10-95B4-CA3AD6079757}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{41A40DDF-63BD-4DE4-98AF-BBB20F69A78E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{3FF19D77-F3B7-484D-969C-4FCA257B4474}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{0206336A-85ED-45EA-B5E7-D82FCBF0C2B5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{2C6A72A4-BBCD-42A2-88DA-103E6C3822E6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{CE2117CC-C957-454B-B12D-F64FE8BDBE78}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{DCC592EE-1403-4BB1-906B-0D20D85847F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BC06615F-FE7D-4584-A28F-9117B647D962}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{F39ABCC4-FEC2-483C-8B85-5E09850F67A1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2019 04:08:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x25cc
Hora de inicio de la aplicación con errores: 0x01d53ab233fc550c
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 2a8fb7de-8dc4-4ef5-98db-5d91ca08cbe5
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/14/2019 08:10:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x1324
Hora de inicio de la aplicación con errores: 0x01d53a6f73e7a927
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 837f6e57-2376-4fc4-9522-b0e4a637c549
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/14/2019 02:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x22ac
Hora de inicio de la aplicación con errores: 0x01d53a40bc8ae24d
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 362ee607-1b1a-4f06-b14f-30888a985614
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/14/2019 11:21:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.

Error: (07/14/2019 11:21:23 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]

Error: (07/14/2019 02:11:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x514
Hora de inicio de la aplicación con errores: 0x01d539d8b62c3cc8
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: daabccea-f1e0-4a97-b540-3515c7a82ad2
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/14/2019 01:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x18a0
Hora de inicio de la aplicación con errores: 0x01d539d4f1229872
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 8d6c1d70-e114-4183-8afb-8382b898087b
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/14/2019 01:11:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x2c24
Hora de inicio de la aplicación con errores: 0x01d539d050cc8926
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: a568f29b-a5ab-4da5-a95d-aae97f8f9cd6
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge


System errors:
=============
Error: (07/14/2019 09:00:07 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-VTBCMKI)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/14/2019 09:20:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {7966B4D8-4FDC-4126-A10B-39A3209AD251} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/14/2019 09:20:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/14/2019 09:20:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {7966B4D8-4FDC-4126-A10B-39A3209AD251} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/14/2019 09:20:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/13/2019 05:40:22 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-VTBCMKI)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/13/2019 03:16:44 AM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

Error: (07/13/2019 03:16:44 AM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Missing or invalid expansion for SystemDrive:  [C0000189]


Windows Defender:
===================================
Date: 2019-07-06 15:36:43.907
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:29:08.850
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:28:49.425
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:28:43.739
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Program Files\Bandizip\Bandizip.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:25:25.315
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Sandbox\galeo\DefaultBox\drive\F\Biblioteca\.DESCARGAS DE NUEVO SOFTWARE\CainAbel\ca_setup\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-06-30 10:48:40.563
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo. 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-06-29 15:13:55.087
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.086
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.086
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.069
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-07-15 04:13:36.690
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-15 04:08:58.055
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:08:58.018
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:08:55.816
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:08:55.775
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:08:55.219
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:08:55.191
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-15 04:07:21.477
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. K55VD.411 03/11/2013
Motherboard: ASUSTeK COMPUTER INC. K55VD
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 39%
Total physical RAM: 16269.48 MB
Available physical RAM: 9797.75 MB
Total Virtual: 17293.48 MB
Available Virtual: 10858.5 MB

==================== Drives ================================

Drive c: (Win 10 Pro) (Fixed) (Total:70 GB) (Free:46.39 GB) NTFS
Drive d: (Win 10 Home) (Fixed) (Total:40 GB) (Free:11.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Biblioteca) (Fixed) (Total:127.71 GB) (Free:16.52 GB) NTFS

\\?\Volume{18481848-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.75 GB) (Free:0.74 GB) NTFS
\\?\Volume{76f14a03-842f-11e9-bec9-806e6f6e6963}\ () (CDROM) (Total:0 GB) (Free:0 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 18481848)
Partition 1: (Not Active) - (Size=771 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019
Ran by galeo (administrator) on DESKTOP-VTBCMKI (ASUSTeK COMPUTER INC. K55VD) (15-07-2019 04:40:45)
Running from C:\Users\galeo\Desktop
Loaded Profiles: galeo (Available Profiles: galeo)
Platform: Windows 10 Pro Version 1903 18362.239 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\microsoft.people_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2016-03-14] (XPExplorer.com - 2016) [File not signed]
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Run: [Opera Browser Assistant] => C:\Users\galeo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2299928 2019-07-10] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2019-06-04]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Configurar RamDisk.lnk [2019-07-02]
ShortcutTarget: Configurar RamDisk.lnk -> C:\Program Files\ImDisk\RamDiskUI.exe () [File not signed]
Startup: C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar192.lnk [2019-07-11]
ShortcutTarget: Sidebar192.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar405.lnk [2019-07-11]
ShortcutTarget: Sidebar405.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0711579E-5D0F-4C5A-BD37-A30B8A647DAD} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {17C072B7-032B-40C7-A726-20532DAE1A2F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {22F53ED7-AC9D-47F1-9D76-3790B2E72523} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {30E66AF8-D3BB-41EE-B782-25FB4080B709} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {562D9E65-178E-4542-88CB-ECCBEF3F2AE4} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6587C753-B31A-4AF7-9557-1DEAB6FFFCD0} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {78C8452C-085A-405B-89DD-1B08D74FEC04} - System32\Tasks\USBChargerPlusUWP => C:\Program Files (x86)\ASUS\USB Charger Plus Service\StartupUSBChargerPlus.exe [150416 2018-07-04] (ASUSTeK Computer Inc. -> )
Task: {81CA7F1F-91FB-4A1F-BF6D-1D7205D09235} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {8D5F6776-11A9-4B45-BF6A-20714C10D12F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-12] (Google Inc -> Google LLC)
Task: {8F3BC0A0-DC8A-4EB9-83C0-508CEBC7FC95} - System32\Tasks\Opera scheduled assistant Autoupdate 1559673789 => C:\Users\galeo\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software)
Task: {9022D5BA-A880-4167-BCEB-1902F36226B0} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2019-07-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {A26EBAC9-EC9C-408A-BCFF-AC88BF66BE66} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {A94B6A4E-A954-46D4-B5BC-797D106B8668} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-12] (Google Inc -> Google LLC)
Task: {C6A54E2D-EFB0-47CE-9E6B-C955CBBD3596} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D53CABD9-386C-4786-99CA-8FC7AF244367} - System32\Tasks\Opera scheduled Autoupdate 1559673782 => C:\Users\galeo\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software)
Task: {D995D742-8270-44F4-B3A2-26FDC835371B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{919910fd-346d-4322-b1b4-00418f5db505}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{919910fd-346d-4322-b1b4-00418f5db505}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-06-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\[email protected]_xpi
FF Extension: (iTube Studio) - C:\Program Files (x86)\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\[email protected]_xpi [2019-07-03] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-12] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.es/advanced_search
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/","hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default [2019-07-15]
CHR Extension: (Traductor de Google) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-07-11]
CHR Extension: (Simple Allow Copy) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefehdhdciieocakfobpaaolhipkcpgc [2019-07-14]
CHR Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2019-07-14]
CHR Extension: (Universal Bypass) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-07-14]
CHR Extension: (DuckDuckGo) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-07-14]
CHR Extension: (xXNurioXx) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpeohkfimdfogdnpcnokjkbpankkmil [2019-07-14]
CHR Extension: (I'm not robot captcha clicker) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc [2019-07-14]
CHR Extension: (Tampermonkey) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-07-14]
CHR Extension: (TSR Ad Skipper) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekenfibegpnbagmldepdeajhbgodbae [2019-07-14]
CHR Extension: (AdBlock) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-14]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2019-07-14]
CHR Extension: (Classic Blue) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-07-14]
CHR Extension: (Prompts by Story Wars) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndafjiogibbbdghmbijdgncijcloklod [2019-07-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-10]
CHR Extension: (AdFly Skipper) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2019-07-14]
CHR Extension: (Speedtest by Ookla) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2019-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-10]
CHR Extension: (RightToCopy) - C:\Users\galeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2019-07-14]
CHR Profile: C:\Users\galeo\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-13]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

Opera: 
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\galeo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10300120 2019-07-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40016 2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [316760 2019-05-19] (Intel(R) pGFX -> Intel Corporation)
S4 ImDiskRD; C:\Program Files\ImDisk\RamDiskUI.exe [66560 2019-04-07] () [File not signed]
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [31544 2018-11-19] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5773384 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 USBChargerService; C:\Program Files (x86)\ASUS\USB Charger Plus Service\USBChargerService.exe [120720 2018-07-04] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\ProgramData\iTube Studio\TransferProcess\DriverInstall.exe [94208 2018-10-10] (Wondershare) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiCharger; C:\WINDOWS\System32\DRIVERS\AiCharger.sys [31032 2018-07-04] (WDKTestCert Jie,131315143419111253 -> ASUSTek Computer Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [110544 2017-12-12] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4321160 2019-05-14] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2019-05-19] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [34232 2019-01-16] (ASUSTek Computer Inc. -> ASUS)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [75600 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [125568 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [91472 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [236672 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1093248 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197760 2019-07-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1168000 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58704 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [60536 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [60784 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50304 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [46416 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [104576 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [184960 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [218240 2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2019-05-19] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1141744 2019-05-14] (Realtek Semiconductor Corp. -> Realtek )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [50832 2019-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [51352 2019-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47704 2019-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2019-05-19] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [367032 2019-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-10] (Microsoft Windows -> Microsoft Corporation)
R1 Win10Pcap; C:\WINDOWS\system32\DRIVERS\Win10Pcap.sys [50304 2015-10-07] (SoftEther Corporation -> Daiyuu Nobori, University of Tsukuba, Japan)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-11] (Zemana Ltd. -> Zemana Ltd.)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-15 04:40 - 2019-07-15 04:41 - 000030501 _____ C:\Users\galeo\Desktop\FRST.txt
2019-07-15 04:40 - 2019-07-15 04:40 - 000000000 ____D C:\FRST
2019-07-15 04:40 - 2019-07-15 04:38 - 002095104 _____ (Farbar) C:\Users\galeo\Desktop\FRST64.exe
2019-07-15 04:07 - 2019-07-15 04:07 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-15 04:06 - 2019-07-15 04:06 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-14 20:58 - 2019-07-14 20:58 - 000000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-14 02:00 - 2019-07-14 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-WebMiner
2019-07-14 02:00 - 2019-07-14 02:00 - 000000000 ____D C:\Program Files (x86)\AntiWebMiner
2019-07-14 02:00 - 2019-07-14 00:11 - 000001025 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2019-07-14 01:45 - 2019-07-14 02:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-07-14 00:45 - 2019-07-14 01:09 - 000295656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-14 00:01 - 2019-07-15 04:34 - 000000000 ____D C:\Users\galeo\AppData\Roaming\ZHP
2019-07-14 00:01 - 2019-07-14 00:01 - 000000000 ____D C:\Users\galeo\AppData\Local\ZHP
2019-07-13 01:08 - 2019-07-13 01:08 - 000000000 ____D C:\Program Files\FolderPainter
2019-07-13 00:36 - 2019-07-13 00:36 - 000004096 ___SH C:\{397730BD-2520-4E63-8D90-5273178CDB52}.CBM
2019-07-12 21:26 - 2019-07-14 00:29 - 000002144 _____ C:\Users\galeo\Desktop\Windows10 DPI Fix.lnk
2019-07-12 21:26 - 2019-07-12 21:26 - 000000000 ____D C:\Program Files (x86)\XPE Windows 10 DPI Fix
2019-07-12 17:36 - 2019-07-12 17:36 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-12 17:36 - 2019-07-12 17:36 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-12 17:19 - 2019-07-12 17:19 - 000001422 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 11.5.lnk
2019-07-12 17:19 - 2019-07-12 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.5
2019-07-12 17:18 - 2019-07-01 16:09 - 000026192 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2019-07-12 16:53 - 2019-07-13 18:54 - 000000020 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-12 15:11 - 2019-07-13 00:42 - 000000000 ___RD C:\Users\galeo\Desktop\Alerta
2019-07-12 11:44 - 2019-07-12 11:44 - 000000000 ___RD C:\Users\galeo\Desktop\Folderico
2019-07-12 02:16 - 2019-07-12 11:03 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-11 21:05 - 2019-07-11 21:05 - 000000080 ___SH C:\bootTel.dat
2019-07-11 21:01 - 2019-07-11 21:01 - 000000000 ____D C:\Users\galeo\AppData\Local\AWL

2019-07-11 20:00 - 2019-07-14 00:11 - 000000000 ____D C:\Users\galeo\AppData\Roaming\IObit
2019-07-11 20:00 - 2019-07-11 20:00 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2019-07-11 19:59 - 2019-07-14 00:11 - 000000000 ____D C:\Users\galeo\AppData\LocalLow\IObit
2019-07-11 19:58 - 2019-07-14 00:34 - 000000000 ____D C:\ProgramData\IObit
2019-07-11 19:58 - 2019-07-11 20:00 - 000000000 ____D C:\ProgramData\ProductData
2019-07-11 19:58 - 2019-07-11 19:58 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2019-07-11 18:04 - 2019-07-13 00:54 - 000000000 ___RD C:\Users\galeo\Desktop\Para Chrome
2019-07-11 13:38 - 2019-07-15 04:41 - 000065684 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-07-11 13:38 - 2019-07-12 16:42 - 000160044 _____ C:\WINDOWS\ZAM.krnl.trace
2019-07-11 03:17 - 2019-07-11 13:38 - 000000000 ____D C:\Users\galeo\Tor Browser
2019-07-11 02:58 - 2019-07-11 02:58 - 000000000 ____D C:\easeus_tb_cloud
2019-07-11 02:04 - 2018-11-25 05:06 - 000053880 _____ (Olof Lagerkvist) C:\WINDOWS\SysWOW64\imdisk.exe
2019-07-11 02:04 - 2018-11-25 04:42 - 000053368 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdisk.exe
2019-07-11 02:04 - 2018-11-19 06:55 - 000133968 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdisk.cpl
2019-07-11 02:04 - 2018-11-19 06:55 - 000123216 _____ (Olof Lagerkvist) C:\WINDOWS\SysWOW64\imdisk.cpl
2019-07-11 02:04 - 2016-08-23 23:57 - 000001547 _____ C:\WINDOWS\system32\uninstall_imdisk.cmd
2019-07-10 23:53 - 2019-07-10 23:53 - 025444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 019811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 008011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-07-10 23:53 - 2019-07-10 23:53 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2019-07-10 23:53 - 2019-07-10 23:53 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-10 23:53 - 2019-07-10 23:53 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000093312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-10 23:53 - 2019-07-10 23:53 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-07-10 23:53 - 2019-07-10 23:53 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 009917752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 007887440 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 007758336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 007636616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 007242312 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 006534712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 006068840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 005745504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 004863488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 004562920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 003725312 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 003698176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 003372952 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 002763552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-07-10 23:52 - 2019-07-10 23:52 - 002725376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 002656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002587328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002449456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002281984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002117160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001754232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-10 23:52 - 2019-07-10 23:52 - 001745920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001717560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 001480704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-10 23:52 - 2019-07-10 23:52 - 001337656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001273344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 001149928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001071928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000928776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000910272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000889656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000879792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000829544 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000821696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000818656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000774152 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000751256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000673152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000588464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000523912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000481592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000425264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000415800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000386016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000339520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000316216 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000300184 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000283152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000248088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000220680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000210440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000202040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-10 23:52 - 2019-07-10 23:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000127296 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000089544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000088560 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-07-10 23:52 - 2019-07-10 23:52 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-07-10 23:52 - 2019-07-10 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2019-07-10 22:20 - 2019-07-14 02:09 - 000000000 ____D C:\Program Files (x86)\Cain
2019-07-10 22:20 - 2019-07-14 00:18 - 000000000 ____D C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2019-07-10 22:14 - 2019-07-10 22:14 - 000000000 ____D C:\Program Files (x86)\Win10Pcap
2019-07-10 22:14 - 2013-03-01 03:49 - 000370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll.bak
2019-07-10 22:14 - 2013-03-01 03:49 - 000282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll.bak
2019-07-10 22:14 - 2013-03-01 03:49 - 000107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll.bak
2019-07-10 22:14 - 2013-03-01 03:49 - 000098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll.bak
2019-07-10 16:19 - 2019-07-10 16:21 - 000000000 ____D C:\Users\galeo\AppData\Local\NPE
2019-07-10 16:19 - 2019-07-10 16:19 - 000000000 ____D C:\ProgramData\Norton
2019-07-10 03:33 - 2019-07-13 01:44 - 000000000 ____D C:\Users\galeo\AppData\LocalLow\Mozilla
2019-07-10 03:33 - 2019-07-11 03:17 - 000001089 _____ C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-07-10 03:32 - 2019-07-10 03:33 - 000000000 ____D C:\Users\galeo\Browser
2019-07-10 01:19 - 2016-08-13 13:22 - 018271589 _____ C:\Users\galeo\Desktop\Obteniendo credenciales de paginas con HTTPS con evil foca y wireshark (Redes sociales).mp4
2019-07-10 01:16 - 2019-07-10 01:16 - 000000000 ____D C:\Users\galeo\.cache
2019-07-09 05:03 - 2019-07-09 06:34 - 000000000 ____D C:\AdwCleaner
2019-07-09 04:44 - 2019-07-09 04:44 - 000000000 ____D C:\ProgramData\GridinSoft
2019-07-09 03:34 - 2019-07-10 21:22 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2019-07-09 03:34 - 2019-07-09 03:34 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2019-07-08 16:47 - 2019-07-12 17:36 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-08 16:47 - 2019-07-12 17:36 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-08 12:17 - 2019-07-08 12:17 - 000000000 ____D C:\Users\galeo\AppData\LocalLow\Adobe
2019-07-06 23:14 - 2019-07-14 00:29 - 000001485 _____ C:\Users\galeo\Desktop\CCleaner 64.lnk
2019-07-06 20:15 - 2019-07-06 20:15 - 000000000 ____D C:\Users\galeo\.QtWebEngineProcess
2019-07-06 20:15 - 2019-07-06 20:15 - 000000000 ____D C:\Users\galeo\.AdvertisingPopup
2019-07-06 15:44 - 2019-07-10 22:09 - 000000000 ____D C:\Program Files (x86)\WinPcap
2019-07-06 15:44 - 2019-07-06 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2019-07-06 15:12 - 2019-07-13 01:10 - 000000898 _____ C:\Users\galeo\Desktop\.DESCARGAS DE NUEVO SOFTWARE - Acceso directo.lnk
2019-07-06 15:12 - 2019-07-06 15:12 - 000001053 _____ C:\Users\galeo\Desktop\.DESCARGAS DE NUEVO SOFTWARE - Acceso directo (2).lnk
2019-07-06 07:04 - 2019-07-11 13:38 - 000000000 ____D C:\Users\galeo\AppData\Roaming\vlc
2019-07-06 01:33 - 2019-07-15 04:14 - 000004220 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACDC18F7-ACC8-47C1-B362-541960B7E9BC}
2019-07-06 01:32 - 2019-07-06 01:32 - 000000000 ____D C:\Users\galeo\AppData\Local\Engelmann_Software
2019-07-06 01:32 - 2019-07-06 01:32 - 000000000 ____D C:\ProgramData\Engelmann Software
2019-07-05 16:15 - 2019-07-05 16:15 - 000000000 ____D C:\Users\galeo\AppData\Local\ASHelper
2019-07-04 16:15 - 2019-07-04 16:15 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 007175168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 005500416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 004481536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 003914480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 003748864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002956984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002771008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002697728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002494232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002258336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002235936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002216448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002190648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 002072152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001815040 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001721344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001383736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001192096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001124864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001063944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001043768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000957240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000827192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000816440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000801592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-04 16:15 - 2019-07-04 16:15 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000741176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000665912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000649016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll

2019-07-04 16:15 - 2019-07-04 16:15 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000602432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000516752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-04 16:15 - 2019-07-04 16:15 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-04 16:15 - 2019-07-04 16:15 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-04 16:15 - 2019-07-04 16:15 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000394040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000366184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000267528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provplatformdesktop.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000231432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000228664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000181560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000172856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2019-07-04 16:15 - 2019-07-04 16:15 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-07-04 16:15 - 2019-07-04 16:15 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000058825 _____ C:\WINDOWS\system32\srms.dat
2019-07-04 16:15 - 2019-07-04 16:15 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000037904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2019-07-04 16:15 - 2019-07-04 16:15 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000022024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
2019-07-04 16:15 - 2019-07-04 16:15 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2019-07-04 16:15 - 2019-07-04 16:15 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 017786368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 006224296 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 004552336 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 004008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003590968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003327256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003261440 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 002990608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 002871824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 002550584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 002443264 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 002232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001999440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001979392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001781248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001761792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001437184 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001262864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001250432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 001042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-07-04 16:14 - 2019-07-04 16:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000984376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-07-04 16:14 - 2019-07-04 16:14 - 000876856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000810512 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000706544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000680760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000674072 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000586552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-04 16:14 - 2019-07-04 16:14 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-07-04 16:14 - 2019-07-04 16:14 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-07-04 16:14 - 2019-07-04 16:14 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000390456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000336752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000296976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000214032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000182072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000117048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000071720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000065064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2019-07-04 16:14 - 2019-07-04 16:14 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-07-04 16:14 - 2019-07-04 16:14 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-07-04 16:14 - 2019-07-04 16:14 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2019-07-04 16:04 - 2019-07-04 16:04 - 000000000 ____D C:\Program Files (x86)\EdgeDeflector
2019-07-04 15:27 - 2019-07-04 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-04 15:27 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-04 15:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-04 12:04 - 2019-07-12 16:42 - 000000000 ____D C:\Users\galeo\AppData\Local\AMSDK
2019-07-04 01:34 - 2019-07-04 01:34 - 000000000 ____D C:\Users\galeo\AppData\Roaming\TransferSupport
2019-07-04 01:34 - 2019-07-04 01:34 - 000000000 ____D C:\Users\galeo\.android
2019-07-03 20:55 - 2019-07-03 20:55 - 000001489 _____ C:\Users\Public\Desktop\iTube Studio.lnk
2019-07-03 20:55 - 2019-07-03 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTube Studio
2019-07-03 20:55 - 2019-07-03 20:55 - 000000000 ____D C:\Program Files (x86)\Aimersoft
2019-07-03 19:41 - 2019-07-10 03:58 - 000000000 ____D C:\ProgramData\iTube Studio
2019-07-03 19:41 - 2019-07-10 03:55 - 000000000 ____D C:\Users\galeo\AppData\Roaming\iTube Studio
2019-07-03 19:41 - 2019-07-03 19:42 - 000000000 ____D C:\ProgramData\Aimersoft
2019-07-03 19:41 - 2019-07-03 19:41 - 000000000 ____D C:\Users\galeo\AppData\Local\iTube Studio
2019-07-03 19:41 - 2019-07-03 19:41 - 000000000 ____D C:\Users\galeo\AppData\Local\Aimersoft
2019-07-03 19:40 - 2019-07-03 20:55 - 000000000 ____D C:\Users\Public\Documents\Aimersoft
2019-07-03 18:05 - 2019-07-09 14:28 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-03 18:05 - 2019-07-09 14:28 - 000004388 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-03 11:15 - 2005-04-15 19:58 - 001351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2019-07-03 02:21 - 2019-07-03 03:14 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(13-20190422).OD
2019-07-03 02:21 - 2019-07-03 02:21 - 000000000 ____D C:\ProgramData\EaseUS
2019-07-03 01:35 - 2019-07-03 01:56 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(13-20181015).OD
2019-07-02 23:57 - 2019-07-14 00:29 - 000000989 _____ C:\Users\galeo\Desktop\Configurar RamDisk.lnk
2019-07-02 23:57 - 2019-07-11 13:38 - 000000000 ____D C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImDisk
2019-07-02 23:57 - 2019-07-11 13:38 - 000000000 ____D C:\Program Files\ImDisk
2019-07-02 23:57 - 2018-11-19 06:55 - 000048704 _____ (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\imdisk.sys
2019-07-02 23:57 - 2018-11-19 06:55 - 000031544 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
2019-07-02 23:57 - 2018-11-19 06:55 - 000021048 _____ (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\awealloc.sys
2019-07-02 15:57 - 2019-07-11 00:35 - 000000000 ____D C:\Users\galeo\AppData\Local\ElevatedDiagnostics
2019-07-01 15:28 - 2019-07-14 00:29 - 000002275 _____ C:\Users\galeo\Desktop\WhatsApp.lnk
2019-07-01 15:28 - 2019-07-08 18:14 - 000000000 ____D C:\Users\galeo\AppData\Local\WhatsApp
2019-07-01 15:28 - 2019-07-01 15:28 - 000000000 ____D C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-07-01 15:28 - 2019-07-01 15:28 - 000000000 ____D C:\Users\galeo\AppData\Local\SquirrelTemp
2019-07-01 14:59 - 2019-07-09 11:34 - 000000000 ____D C:\Users\galeo\AppData\Roaming\WhatsApp
2019-07-01 02:25 - 2019-07-01 03:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-06-30 21:33 - 2019-06-30 21:33 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-06-30 21:23 - 2019-07-12 16:40 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-06-30 21:23 - 2019-06-30 21:39 - 001168000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-06-30 21:23 - 2019-06-30 21:39 - 001093248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-06-30 21:23 - 2019-06-30 21:39 - 000236672 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-06-30 21:23 - 2019-06-30 21:39 - 000152288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2019-06-30 21:23 - 2019-06-30 21:23 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-06-30 21:23 - 2019-06-30 21:23 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-06-30 21:23 - 2019-06-30 21:23 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-06-30 21:23 - 2019-06-30 21:23 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-06-30 21:23 - 2019-06-30 21:23 - 000002219 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2019-06-30 21:23 - 2019-06-30 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-06-30 21:23 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-06-30 20:17 - 2019-07-13 00:41 - 000000000 ___RD C:\Users\galeo\Desktop\Leona
2019-06-30 12:25 - 2019-07-14 20:59 - 000000000 ____D C:\Program Files\CCleaner
2019-06-30 12:25 - 2019-07-14 20:58 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-06-30 12:25 - 2019-07-06 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-06-30 10:52 - 2019-06-30 10:54 - 000000000 ____D C:\Users\galeo\AppData\Roaming\Easeware
2019-06-30 10:38 - 2019-07-14 00:07 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-06-30 10:38 - 2019-07-14 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-06-30 10:38 - 2019-06-30 10:38 - 000000000 ____D C:\Program Files\VS Revo Group
2019-06-15 12:40 - 2019-07-14 01:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-15 12:40 - 2019-06-15 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-15 12:21 - 2019-06-30 21:23 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-15 12:20 - 2019-07-15 04:36 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-06-15 12:06 - 2019-06-15 12:06 - 000000000 ____D C:\Users\galeo\AppData\Local\mbamtray
2019-06-15 12:06 - 2019-06-15 12:06 - 000000000 ____D C:\Users\galeo\AppData\Local\mbam
2019-06-15 01:27 - 2019-06-15 01:27 - 000000966 __RSH C:\ProgramData\ntuser.pol
2019-06-15 00:25 - 2019-06-15 00:25 - 000000000 ____D C:\WINDOWS\pss

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-15 04:42 - 2019-06-14 13:26 - 000000000 ____D C:\Users\galeo\AppData\Roaming\NetSpeedMonitor
2019-07-15 04:13 - 2019-06-01 07:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-15 04:11 - 2019-06-01 07:34 - 000790868 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-15 04:11 - 2019-06-01 07:34 - 000156620 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-15 04:11 - 2019-06-01 07:30 - 000000000 ____D C:\WINDOWS\INF
2019-07-15 04:11 - 2019-06-01 06:45 - 001776860 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-15 04:08 - 2019-06-11 07:14 - 000000000 ____D C:\Users\galeo\AppData\Local\CrashDumps
2019-07-15 04:06 - 2019-06-01 06:39 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-15 04:06 - 2019-06-01 06:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-14 22:52 - 2019-06-01 07:27 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-14 20:29 - 2019-06-01 07:27 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-07-14 00:29 - 2019-06-04 23:49 - 000001262 _____ C:\Users\galeo\Desktop\AIDA64 Extreme.lnk
2019-07-14 00:29 - 2019-06-03 21:03 - 000001073 _____ C:\Users\galeo\Desktop\Navegador Web Aislado en una Sandbox.lnk
2019-07-14 00:29 - 2019-06-01 15:48 - 000001895 _____ C:\Users\galeo\Desktop\CrystalDiskMark 6.lnk
2019-07-14 00:18 - 2019-06-01 15:27 - 000000000 ____D C:\Users\galeo\AppData\Local\D3DSCache
2019-07-13 18:20 - 2019-06-01 06:52 - 000000000 __SHD C:\Users\galeo\IntelGraphicsProfiles
2019-07-13 17:57 - 2019-06-01 06:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-13 03:12 - 2019-06-03 21:03 - 000001744 _____ C:\WINDOWS\Sandboxie.ini
2019-07-13 00:33 - 2019-06-03 15:02 - 000287744 ___SH C:\EUMONBMP.SYS
2019-07-13 00:33 - 2019-06-03 15:02 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2019-07-12 21:28 - 2019-06-03 15:58 - 000000000 ____D C:\Program Files\Bandizip
2019-07-12 20:36 - 2019-06-01 07:32 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-12 20:36 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-12 17:18 - 2019-06-03 14:50 - 000000000 ____D C:\Program Files (x86)\EaseUS
2019-07-12 16:42 - 2019-06-11 02:30 - 000000000 ____D C:\Users\galeo\AppData\Local\Zemana
2019-07-12 16:16 - 2019-06-01 07:27 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-12 03:08 - 2019-06-14 11:51 - 000000000 ____D C:\Program Files (x86)\epson
2019-07-12 03:06 - 2019-06-14 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2019-07-11 20:55 - 2019-06-14 19:35 - 000002238 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-11 18:50 - 2019-06-11 08:44 - 000002406 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-07-11 18:50 - 2019-06-11 08:44 - 000002362 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-07-11 18:47 - 2019-06-04 20:43 - 000003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1559673789
2019-07-11 18:47 - 2019-06-04 20:43 - 000003672 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1559673782
2019-07-11 13:56 - 2019-06-04 22:38 - 000004246 _____ C:\WINDOWS\System32\Tasks\AVG TuneUp Update
2019-07-11 13:38 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-07-11 13:38 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\Containers
2019-07-11 13:38 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-11 13:38 - 2019-06-01 07:32 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-11 13:38 - 2019-06-01 07:27 - 000000000 ____D C:\WINDOWS\servicing
2019-07-11 13:38 - 2019-06-01 06:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-11 13:38 - 2019-06-01 06:52 - 000000000 ___RD C:\Users\galeo\3D Objects
2019-07-11 13:37 - 2019-06-01 07:32 - 000000000 ___SD C:\WINDOWS\system32\AppV
2019-07-11 13:37 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\SystemResources
2019-07-11 13:37 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-11 13:37 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-11 13:36 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\registration
2019-07-11 03:17 - 2019-06-01 06:48 - 000000000 ____D C:\Users\galeo
2019-07-11 00:47 - 2019-06-01 06:55 - 000000000 ____D C:\Users\galeo\AppData\Local\PlaceholderTileLogoFolder
2019-07-11 00:14 - 2019-06-01 06:52 - 000000000 ____D C:\Users\galeo\AppData\Local\Packages
2019-07-11 00:14 - 2019-06-01 06:52 - 000000000 ____D C:\ProgramData\Packages
2019-07-11 00:03 - 2019-06-04 20:28 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-07-10 23:56 - 2019-06-01 09:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-10 23:54 - 2019-06-01 09:01 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-10 23:02 - 2019-06-01 06:57 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-10 23:02 - 2019-06-01 06:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-10 02:27 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-09 14:28 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-09 14:28 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-08 13:55 - 2019-06-01 06:52 - 000000000 ____D C:\Users\galeo\AppData\Local\VirtualStore
2019-07-08 12:17 - 2019-06-04 20:27 - 000000000 ____D C:\Users\galeo\AppData\Local\Adobe
2019-07-08 12:17 - 2019-06-01 06:52 - 000000000 ____D C:\Users\galeo\AppData\Roaming\Adobe
2019-07-06 04:00 - 2019-06-01 07:32 - 000000000 ___SD C:\Program Files (x86)\Windows Sidebar
2019-07-05 14:43 - 2019-06-04 20:43 - 000001413 _____ C:\Users\galeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-07-04 16:21 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-07-04 16:21 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-04 16:21 - 2019-06-01 07:32 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-04 15:27 - 2019-06-01 07:32 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-03 22:27 - 2019-06-01 06:53 - 000000000 ____D C:\Users\galeo\AppData\Local\Comms
2019-07-03 02:05 - 2019-06-03 14:52 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(12-20190422).OD
2019-06-30 21:39 - 2019-02-19 05:44 - 000184960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2019-06-30 21:39 - 2019-02-19 05:44 - 000125568 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2019-06-30 21:39 - 2019-02-19 05:44 - 000091472 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2019-06-30 21:39 - 2019-02-19 05:44 - 000075600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2019-06-30 21:39 - 2019-02-19 05:44 - 000046416 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2019-06-30 21:39 - 2018-02-24 05:17 - 000218240 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2019-06-30 21:39 - 2018-02-17 02:50 - 000104576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2019-06-30 21:39 - 2018-02-12 04:17 - 000058704 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2019-06-30 21:39 - 2018-01-15 05:13 - 000060536 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2019-06-30 21:39 - 2017-12-11 11:49 - 000060784 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klmouflt.sys
2019-06-30 21:39 - 2017-05-30 18:51 - 000050304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2019-06-30 11:20 - 2019-06-01 15:19 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-06-30 10:46 - 2019-06-11 02:52 - 000000000 ____D C:\Users\galeo\AppData\Local\Avg
2019-06-30 10:46 - 2019-06-04 22:39 - 000000000 ____D C:\Users\galeo\AppData\Roaming\AVG
2019-06-30 10:46 - 2019-06-04 22:38 - 000000000 ____D C:\ProgramData\AVG
2019-06-30 07:44 - 2019-06-14 19:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-06-30 07:44 - 2019-06-11 07:20 - 000002534 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2019-06-28 11:09 - 2019-06-03 14:52 - 000341760 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2019-06-28 11:09 - 2019-06-03 14:52 - 000073448 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2019-06-28 11:09 - 2019-06-03 14:52 - 000053504 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys
2019-06-28 11:09 - 2019-06-03 14:52 - 000022784 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2019-06-15 01:23 - 2019-06-01 07:32 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================