Infected by Malware Adware.MailRu.BatBitRst

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by galeo (17-07-2019 01:24:32)
Running from C:\Users\galeo\Desktop
Windows 10 Pro Version 1903 18362.239 (X64) (2019-06-01 04:41:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3519385873-1241429883-2487059262-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3519385873-1241429883-2487059262-503 - Limited - Disabled)
galeo (S-1-5-21-3519385873-1241429883-2487059262-1001 - Administrator - Enabled) => C:\Users\galeo
Invitado (S-1-5-21-3519385873-1241429883-2487059262-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3519385873-1241429883-2487059262-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.2 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.)
AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1158 - AVG Technologies)
Bandizip (HKLM\...\Bandizip) (Version: 6.24 - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
Desinstalar impresora EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
EaseUS Todo Backup Free 11.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.5 - CHENGDU YIWO Tech Development Co., Ltd)
EdgeDeflector (HKLM-x32\...\EdgeDeflector) (Version:  - )
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.92 - GridinSoft LLC)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20190407 - )
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTube Studio(Build 7.4.3.1) (HKLM-x32\...\iTube Studio_is1) (Version: 7.4.3.1 - iTube Studio)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
OpenOffice 4.1.6 (HKLM-x32\...\{ABA77258-70D6-4A14-9AB7-3FA087C470DB}) (Version: 4.16.9790 - Apache Software Foundation)
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0022 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8648 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
USB Charger Plus Service (HKLM-x32\...\{452B3493-18D3-4B36-9F59-78AF7963FFCC}) (Version: 5.0.6 - ASUS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\WhatsApp) (Version: 0.3.3793 - WhatsApp)
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WizFile v2.06 (HKLM\...\WizFile_is1) (Version: 2.06 - Antibody Software)
WizTree v3.29 (HKLM\...\WizTree_is1) (Version: 3.29 - Antibody Software)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation) [MS Ad]
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.3.3794.0_x64__cv1g1gvanyjgm [2019-07-11] (WhatsApp Inc.)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MattHafner.WifiAnalyzer_2.4.1.0_x64__gs5k5vmxr2ste [2019-07-11] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3519385873-1241429883-2487059262-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Users\galeo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll (AddGadgets IT -> )
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-06-30] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-3519385873-1241429883-2487059262-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-12] (Bandisoft -> Bandisoft.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-06-04 22:38 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll
2010-04-04 23:08 - 2010-04-04 23:08 - 001253376 _____ (Florian Gilles) [File not signed] C:\Program Files\NetSpeedMonitor\nsm.dll
2017-05-26 19:35 - 2019-07-16 23:00 - 017764816 _____ (Gridinsoft, LLC -> GridinSoft LLC) [File not signed] C:\Program Files\GridinSoft Anti-Malware\gsam.exe
2017-05-17 17:21 - 2017-05-17 17:21 - 001422336 _____ (Igor Pavlov) [File not signed] C:\Program Files\GridinSoft Anti-Malware\7z.dll
2013-11-21 08:31 - 2013-11-21 08:31 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-11-21 08:31 - 2013-11-21 08:31 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-06-01 07:32 - 2019-07-16 18:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2019-06-01 15:22 - 2019-06-04 10:15 - 000000532 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.71.212 918b143d-0a98-46e8-8c9b-458dfe63240f.mshome.net # 2019 6 2 11 8 15 59 955
192.168.71.209 DESKTOP-VTBCMKI.mshome.net # 2024 6 0 2 8 15 59 955

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\galeo\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Configurar RamDisk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar660.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar406.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar320.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar110.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar486.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar761.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar537.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar264.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar457.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar621.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar192.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\StartupFolder: => "Sidebar405.lnk"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "Epson Stylus SX218"
HKU\S-1-5-21-3519385873-1241429883-2487059262-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FBF09C26-4532-4F10-95B4-CA3AD6079757}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{41A40DDF-63BD-4DE4-98AF-BBB20F69A78E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{3FF19D77-F3B7-484D-969C-4FCA257B4474}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{0206336A-85ED-45EA-B5E7-D82FCBF0C2B5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{2C6A72A4-BBCD-42A2-88DA-103E6C3822E6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{CE2117CC-C957-454B-B12D-F64FE8BDBE78}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{BC06615F-FE7D-4584-A28F-9117B647D962}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{F39ABCC4-FEC2-483C-8B85-5E09850F67A1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{A8D99221-EF47-4B27-86FD-F043A8A86CCE}] => (Allow) C:\Users\galeo\AppData\Local\Programs\Opera\62.0.3331.66\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{416703DB-5283-4CDF-B666-0EBD677EBDFC}] => (Allow) C:\Users\galeo\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

15-07-2019 20:51:15 Punto de control programado
16-07-2019 23:04:25 Revo Uninstaller's restore point - Cain & Abel 4.9.56
17-07-2019 00:02:01 Revo Uninstaller's restore point - Google Chrome

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2019 12:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x26b4
Hora de inicio de la aplicación con errores: 0x01d53c27f0ca0084
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 96d2f485-bc92-49e5-a6fd-671789ba4759
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/17/2019 12:17:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x28dc
Hora de inicio de la aplicación con errores: 0x01d53c244328bd87
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: b12e899b-a4db-4b1e-b9ed-4eef8ae5f3fc
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/17/2019 12:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x2a10
Hora de inicio de la aplicación con errores: 0x01d53c23ac8b82b9
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: df44fa27-2b9d-4180-b70c-b778730b2794
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/17/2019 12:05:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x26d0
Hora de inicio de la aplicación con errores: 0x01d53c2290f5354a
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: dda89b54-8662-4511-bcdc-a603eda794a1
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/17/2019 12:02:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {e5d0e18e-5017-4109-9560-4b9560d2a703}

Error: (07/16/2019 11:21:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x15c0
Hora de inicio de la aplicación con errores: 0x01d53c1c776b2331
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 196357aa-fd2a-480e-b6e6-fac7d118ff81
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/16/2019 11:18:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.

Error: (07/16/2019 11:18:42 PM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]


System errors:
=============
Error: (07/16/2019 07:49:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:49:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:49:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:49:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor Microsoft.Windows.ShellExperienceHost_10.0.18362.145_neutral_neutral_cw5n1h2txyewy!App no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:47:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe!App no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:47:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor {B9B05098-3E30-483F-87F7-027CA78DA287} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/16/2019 07:40:17 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-VTBCMKI)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/16/2019 06:27:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VTBCMKI)
Description: El servidor Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe!App no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-07-06 15:36:43.907
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:29:08.850
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:28:49.425
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:28:43.739
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\galeo\Desktop\ca_setup (2)\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Program Files\Bandizip\Bandizip.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-06 15:25:25.315
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain&threatid=2147680436&enterprise=0
Nombre: HackTool:Win32/Cain
Id.: 2147680436
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Sandbox\galeo\DefaultBox\drive\F\Biblioteca\.DESCARGAS DE NUEVO SOFTWARE\CainAbel\ca_setup\ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-VTBCMKI\galeo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.297.537.0, AS: 1.297.537.0, NIS: 1.297.537.0
Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-06-30 10:48:40.563
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo. 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-06-29 15:13:55.087
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.086
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.086
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-06-29 15:13:55.069
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.295.783.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16000.6
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-07-17 00:45:42.097
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:45:42.067
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:45:39.643
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:45:39.609
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:45:38.663
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:45:38.643
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:25:02.295
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-17 00:25:02.276
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. K55VD.411 03/11/2013
Motherboard: ASUSTeK COMPUTER INC. K55VD
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 16269.48 MB
Available physical RAM: 10901.87 MB
Total Virtual: 17293.48 MB
Available Virtual: 11885.86 MB

==================== Drives ================================

Drive c: (Win 10 Pro) (Fixed) (Total:70 GB) (Free:46 GB) NTFS
Drive d: (Win 10 Home) (Fixed) (Total:40 GB) (Free:10.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Biblioteca) (Fixed) (Total:127.71 GB) (Free:16.36 GB) NTFS

\\?\Volume{18481848-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.75 GB) (Free:0.74 GB) NTFS
\\?\Volume{76f14a03-842f-11e9-bec9-806e6f6e6963}\ () (CDROM) (Total:0 GB) (Free:0 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 18481848)
Partition 1: (Not Active) - (Size=771 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Done, the reports are sent. I hope they came out fine.

Awaiting instructions…

A few days ago Google and another provider warned me that unusual traffic was being generated from my computer network. They gave me the Captcha test to check whether I was a robot; I filled it in and forgot about it. I have just run a NetStat in the Cmd console to see the traffic it might be generating and… surprise! This is without any browser open.

And to top it off, I get an email from Microsoft telling me that they are changing the terms of my contract with them, introducing two things: payment for their services and termination of them. They do not say they are going to do it, but that “they can do it”.

So I am throwing in the towel. It is too much for me, and we are not getting anywhere going this slowly. I am going to do a low-level FORMAT of everything and start over.

Today the viruses and the malware won.

Hi, I had a similar case. The only thing that worked was deleting my Chrome profile, which had sync turned on, with FRST. After deleting my Chrome profile with FRST I had no more problems. To be clear, I did not sync with the same account again, because the malware would come back.

I recommend that you do NOT format. Wait for the instructions and the issue will get solved.

Regards!!!

Hi

You have had this problem for months and you want us to solve it in a day? Certain disinfection steps have to be followed first. We are at 51 posts on this topic; with what we have used we should not have more than 15, but you reply to yourself and carry out steps I have not indicated.

Besides, we are VOLUNTEERS; we have other responsibilities outside the forum, such as work, family, sleep, etc … etc …

Have you formatted, or do you want us to continue?

Regards


2 posts were split off into a new topic: Infected by mail.ru

Hello everyone. A lot has happened in the last few hours, so here goes. First I formatted the two partitions where I have the two Windows 10 installs, one Pro and one Home. It was needed, because apart from the issue we are dealing with here, many things ran poorly for the power of these operating systems and of the laptop, an i7 with 16 GB of RAM and a solid-state disk. Everything should have flown and there were many hang-ups. After almost a year with this malware, you can imagine. Then I reinstalled both systems and used two NEW users. I did not use the main one. And great, apparently… SOLVED. But at the cost of giving up and losing my user, with a thousand things in it. So anyone who wants a quick solution and does not mind losing their user: CHANGE IT AND PROBLEM SOLVED.

The seed of the malware, the one that reproduces when we clean the PC, lives in the Chrome USER. Not in the PC, nor the network, nor the router, etc. I contacted Google, told them about it, and a staff member told me that hundreds of cases are turning up, and passed me a script to clean the “Chrome Policies”, the browser's policies. The hackers alter them and it can show up as countless different problems. But they have no idea what is happening and what is coming at them, nor how to solve it effectively and quickly. “They have just noticed.”

Well, I ran the script and nothing changed, because I had already checked what was in my user and everything was OK. I could not find any more of them. Tempting fate, in one of the new users I entered my usual email address… and it caught me. It found me within ten hours, and under a different user. It is a clever bug, yes. So let's keep pulling the thread and see where it hides; we are nearly there. I apologize to Daniela if my words bothered her; I meant that I am the one going slowly. Her work and dedication are very much appreciated. Thank you for your tenacity and thoroughness. Come on, let's get the bugs!! Regards.

This is the address for viewing the browser's “established policies”, in case anyone wonders whether some “bug” has been injected: type chrome://policy/ into the Chrome address bar. And if anyone wants the tool for cleaning them that the Google people gave me, here it is. Since for security reasons I cannot upload it as it is (it is a .bat file), I have given it the .txt extension, so rename it, run it, and you will be clean for sure. I hope there is no objection to my uploading it; I think it is gold and it should be spread. Let me know, Daniela, OK?

Edited: These types of files are not allowed in this forum until they have been analyzed and/or indicated by the staff members.

SanMar.
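
The browser policies discussed in the post above can also be inspected outside Chrome. The following is an added example, not the script mentioned in the thread and not code from Google or from this forum: a read-only PowerShell audit of the registry keys from which Chrome reads policy on Windows. The function name, the variable names and the choice of which policies to flag are assumptions made for this example.

```powershell
# Added example (not the script from the thread): read-only audit of the
# Chrome policy registry keys. It changes nothing; it only lists what is set.

# Registry locations from which Chrome reads machine and user policy.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

# Chrome policies that browser hijackers are known to set, with the reason
# each one is worth a look. The selection is this example's own.
$Watched = @{
    ExtensionInstallForcelist      = 'extension installed without the user, not removable from the UI'
    ExtensionInstallSources        = 'extra URLs allowed to install extensions'
    HomepageLocation               = 'forced home page'
    NewTabPageLocation             = 'forced new tab page'
    RestoreOnStartup               = 'forced startup behaviour'
    RestoreOnStartupURLs           = 'pages opened at every start'
    DefaultSearchProviderEnabled   = 'forced search provider'
    DefaultSearchProviderSearchURL = 'search queries sent to this URL'
    ProxyMode                      = 'forced proxy mode'
    ProxyServer                    = 'traffic routed through this proxy'
}

function Get-ChromePolicyEntry {
    param([string[]]$Root = $PolicyRoots)

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # key absent: nothing set here

        $rootKey = Get-Item -LiteralPath $r
        $keys = @($rootKey) + @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            # Single-value policies are values of the Chrome key itself (or of its
            # "Recommended" subkey). List policies are subkeys named after the
            # policy, holding values named "1", "2", ...
            $flat = ($key.Name -eq $rootKey.Name) -or ($key.PSChildName -eq 'Recommended')

            foreach ($valueName in $key.GetValueNames()) {
                $policy = if ($flat) { $valueName } else { $key.PSChildName }
                $reason = if ($Watched.ContainsKey($policy)) { $Watched[$policy] } else { '' }

                [pscustomobject]@{
                    Key    = $key.Name
                    Policy = $policy
                    Value  = (@($key.GetValue($valueName)) -join '; ')
                    Review = $reason
                }
            }
        }
    }
}

$entries = @(Get-ChromePolicyEntry)
if ($entries.Count -eq 0) {
    'No Chrome policies are set in the registry for this machine or user.'
} else {
    # Flagged policies first, then everything else.
    $entries |
        Sort-Object @{ Expression = { $_.Review -eq '' } }, Policy |
        Format-List Key, Policy, Value, Review
}
```

On a home PC that no administrator manages, any entry this prints is worth comparing against what chrome://policy/ shows, starting with the ones that carry a Review note.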

Hi @Galeon

No, that type of file cannot be posted; my colleague @SanMar edited it and told you so.

From what you say, it was already resolved with the .bat file, so we consider the topic solved.

Regards

Hi Daniela. Could we continue with my case where we left off? Despite all the work done, the malware has come back, it has got into Chrome again, and it is up to its old tricks. My case is not fixed; it only gave a short truce…

Thanks for being there. Well, here is where we stand. Partition 2 of the SSD with Windows 10 Home installed, a new Google/Chrome user, new email, etc. Perfect. Partition 1 of the SSD with Windows 10 Pro, another user (I changed it from “galeo” to “galeón”), … THE SAME EMAIL, and so it is bad. I am once again building up the collection of bugs in quarantine. But the PC runs quite a bit better now that it is refreshed. We have gained something. And here I hand over to you and will do whatever you say. Regards.

Hi @Galeon

Since you have formatted the machine, I hope you have it fairly clean and have not installed many things.

I want you to use the machine exclusively for the instructions I give you and do nothing else; otherwise we will take one step forward and four back.

Do the following:

1.- Unsync Chrome on every device you have with the same account: phones, tablets, computers, different operating systems, etc.

2.- Uninstall Chrome with RevoUninstaller, choosing the advanced uninstall mode. Check the manual.

3.- Temporarily disable the antivirus >> How to temporarily disable your antivirus

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your machine's architecture (32 or 64 bits). How to tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, and use several messages if you get an error saying that it is too long (more than approx. 50,000 characters).

Regards

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Galeón (18-07-2019 21:43:13)
Running from C:\Users\Galeón\Desktop
Windows 10 Pro Version 1903 18362.239 (X64) (2019-07-17 15:31:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3614753453-3577306082-2466023204-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3614753453-3577306082-2466023204-503 - Limited - Disabled)
Galeón (S-1-5-21-3614753453-3577306082-2466023204-1001 - Administrator - Enabled) => C:\Users\Galeón
Invitado (S-1-5-21-3614753453-3577306082-2466023204-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3614753453-3577306082-2466023204-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1158 - AVG Technologies)
Bandizip (HKLM\...\Bandizip) (Version: 6.24 - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version:  - )
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
Driver Easy 5.6.12 (HKLM\...\DriverEasy_is1) (Version: 5.6.12 - Easeware)
EaseUS Todo Backup Home 11.5 Trial (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.5 - CHENGDU YIWO Tech Development Co., Ltd)
FolderIco 6.2.1 (HKLM\...\{22C37D82-6137-40BF-8625-7A846ED65F3A}_is1) (Version:  - teorex)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{ABA77258-70D6-4A14-9AB7-3FA087C470DB}) (Version: 4.16.9790 - Apache Software Foundation)
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-3614753453-3577306082-2466023204-1001\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
WhatsApp (HKU\S-1-5-21-3614753453-3577306082-2466023204-1001\...\WhatsApp) (Version: 0.3.3793 - WhatsApp)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-17] (Microsoft Studios) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-07-17] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3614753453-3577306082-2466023204-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft -> Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3614753453-3577306082-2466023204-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Folderico] -> {CC0C45C5-EFDE-4B8A-A8B0-9ED733D9E6AC} => C:\Program Files\FolderIco\FolderIco.dll [2019-02-21] (Maxim Gapchenko -> TeoreX)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-3614753453-3577306082-2466023204-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2_S-1-5-21-3614753453-3577306082-2466023204-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-3614753453-3577306082-2466023204-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-3614753453-3577306082-2466023204-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-07-18] (Bandisoft -> Bandisoft.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-07-17 22:35 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-07-17 18:23 - 2019-07-18 09:47 - 000000988 ____R C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1         app.drivereasy.com
127.0.0.1         cdn.drivereasy.com
149.202.196.40         dow0.drivereasy.com
149.202.196.40         dow1.drivereasy.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3614753453-3577306082-2466023204-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Galeón\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\chica en la playa.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-07-2019 10:21:47 RAPID
18-07-2019 16:48:35 JRT Pre-Junkware Removal
18-07-2019 21:32:29 Revo Uninstaller's restore point - Google Chrome

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2019 09:32:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {3c34eb03-8ec0-412b-98fe-d079449988d1}

Error: (07/18/2019 09:29:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: El tamaño del búfer necesario es mayor que el tamaño del búfer que se llevó a la función Collect del archivo DLL del contador extensible "C:\Windows\System32\perfts.dll" del servicio "LSM". El tamaño del búfer indicado era 29232 y el tamaño necesario es 31200.

Error: (07/18/2019 07:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x434
Hora de inicio de la aplicación con errores: 0x01d53d8d7a7d15ac
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: d78cb099-e409-4099-918e-1e32dbef7579
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/18/2019 07:20:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]

Error: (07/18/2019 04:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.18362.1, marca de tiempo: 0x3538007c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x284c
Hora de inicio de la aplicación con errores: 0x01d53d747f46eb1a
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: dd6b1b0f-df2c-4ee1-8999-37bc1a47ec44
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (07/18/2019 04:23:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.   0xc0041801 (0xc0041801)

Error: (07/18/2019 04:23:18 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayerpages.h (441)}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
	Datos no válidos.   0x8007000d (0x8007000d)

Error: (07/18/2019 04:23:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (5528,R,98) WebCacheLocal: Error -1811 (0xfffff8ed) al abrir un archivo de registro C:\Users\Galeón\AppData\Local\Microsoft\Windows\WebCache\V010001C.log.


System errors:
=============
Error: (07/18/2019 06:32:45 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-BJN8JE1)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/18/2019 06:21:42 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-BJN8JE1)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/18/2019 04:48:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Display Container LS terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

Error: (07/18/2019 11:58:30 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Se detectó un daño en la estructura del sistema de archivos del volumen E:.

La tabla maestra de archivos (MFT) contiene un registro de archivo dañado. El número de referencia del archivo es 0x1000000000892. El nombre del archivo es "<no se puede determinar el nombre de archivo>".

Error: (07/18/2019 11:58:28 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume53

Error: (07/18/2019 11:47:08 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Se detectó un daño en la estructura del sistema de archivos del volumen E:.

La tabla maestra de archivos (MFT) contiene un registro de archivo dañado. El número de referencia del archivo es 0x1000000000892. El nombre del archivo es "<no se puede determinar el nombre de archivo>".

Error: (07/18/2019 11:47:06 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume53

Error: (07/18/2019 11:42:54 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Se detectó un daño en la estructura del sistema de archivos del volumen E:.

La tabla maestra de archivos (MFT) contiene un registro de archivo dañado. El número de referencia del archivo es 0x1000000000892. El nombre del archivo es "<no se puede determinar el nombre de archivo>".


Windows Defender:
===================================
Date: 2019-07-17 17:46:44.170
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Cain!rfn&threatid=2147709125&enterprise=0
Nombre: HackTool:Win32/Cain!rfn
Id.: 2147709125
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_E:\Cain and Abel ca_setup.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-BJN8JE1\Galeón
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.285.74.0, AS: 1.285.74.0, NIS: 1.285.74.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

CodeIntegrity:
===================================

Date: 2019-07-18 21:16:08.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:16:08.323
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:16:08.243
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:15:46.729
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:15:46.712
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:15:46.643
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 21:15:46.621
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2019-07-18 20:15:26.675
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. K55VD.411 03/11/2013
Motherboard: ASUSTeK COMPUTER INC. K55VD
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 16269.48 MB
Available physical RAM: 10695.44 MB
Total Virtual: 19213.48 MB
Available Virtual: 13052.87 MB

==================== Drives ================================

Drive c: (Windows 10 Pro) (Fixed) (Total:70 GB) (Free:32.33 GB) NTFS
Drive d: (Windows 10 Home) (Fixed) (Total:40 GB) (Free:16.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Biblioteca) (Fixed) (Total:127.71 GB) (Free:16.38 GB) NTFS

\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.6 GB) NTFS
\\?\Volume{18481848-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.75 GB) (Free:0.74 GB) NTFS
\\?\Volume{e02e04e6-a8af-11e9-9f37-806e6f6e6963}\ () (CDROM) (Total:0 GB) (Free:0 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 18481848)
Partition 1: (Not Active) - (Size=771 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Galeón (administrator) on DESKTOP-BJN8JE1 (ASUSTeK COMPUTER INC. K55VD) (18-07-2019 21:42:11)
Running from C:\Users\Galeón\Desktop
Loaded Profiles: Galeón (Available Profiles: Galeón)
Platform: Windows 10 Pro Version 1903 18362.239 (X64) Language: Español (España, internacional)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\microsoft.windows.photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\microsoft.yourphone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowsstore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Galeón\AppData\Local\Programs\Opera\62.0.3331.72\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3614753453-3577306082-2466023204-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2019-07-17]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13DE86F8-3159-440B-AFDA-734F78F6D322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-17] (Google Inc -> Google LLC)
Task: {2CDFD1FC-3865-4DAA-AE6F-EB3FDFF81398} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-17] (Google Inc -> Google LLC)
Task: {3205ECCE-3BFF-4D8F-BD4D-C72B2BD77AEA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {780F1E11-12EE-4112-A2E6-C6E14A1E8B97} - System32\Tasks\Opera scheduled Autoupdate 1563437851 => C:\Users\Galeón\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-11] (Opera Software AS -> Opera Software)
Task: {964F4B48-44CF-4DCC-AA98-E637BB442A6E} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {9E2486D6-2396-4A59-A241-44088EB1CB69} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2019-07-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {D171218D-C44D-4FDA-B503-02ED4179FF96} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{f6e520cb-4e5b-4da8-a1f1-dfef513259e6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f6e520cb-4e5b-4da8-a1f1-dfef513259e6}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-07-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-17] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10300120 2019-07-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 CmService; C:\WINDOWS\System32\CmService.dll [815632 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40016 2019-07-01] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1381176 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [3380224 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [316760 2019-06-15] (Intel(R) pGFX -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [41992 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5773384 2019-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3488568 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [110544 2017-12-12] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4321160 2019-07-17] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [34232 2019-01-16] (ASUSTek Computer Inc. -> ASUS)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [36368 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [75600 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [125568 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [91472 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [236672 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1093248 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197760 2019-07-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1168000 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58704 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [60536 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [60784 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50304 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [46416 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [104576 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [184960 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [218240 2019-07-17] (Kaspersky Lab -> AO Kaspersky Lab)
S3 l2bridge; C:\WINDOWS\System32\drivers\l2bridge.sys [58384 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_disp.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nv_disp.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1154336 2019-07-17] (Realtek Semiconductor Corp. -> Realtek )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1409024 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [39952 2019-07-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 21:42 - 2019-07-18 21:42 - 000019006 _____ C:\Users\Galeón\Desktop\FRST.txt
2019-07-18 21:29 - 2019-07-18 21:29 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-07-18 21:29 - 2019-07-18 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-07-18 21:29 - 2019-07-18 21:29 - 000000000 ____D C:\Program Files\VS Revo Group
2019-07-18 21:26 - 2019-07-18 21:26 - 000000102 _____ C:\Users\Galeón\Desktop\Infectado por Malware Adware.MailRu.BatBitRst - Eliminar Malwares - ForoSpyware.url
2019-07-18 21:16 - 2019-07-18 21:16 - 002095104 _____ (Farbar) C:\Users\Galeón\Desktop\FRST64.exe
2019-07-18 19:06 - 2019-07-18 19:12 - 000000000 ___RD C:\Users\Galeón\Desktop\Folderico
2019-07-18 18:59 - 2019-07-18 18:59 - 000000000 ____D C:\ProgramData\Teorex
2019-07-18 18:59 - 2019-07-18 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderIco
2019-07-18 18:59 - 2019-07-18 18:59 - 000000000 ____D C:\Program Files\FolderIco
2019-07-18 18:57 - 2019-07-18 18:57 - 011145960 _____ (teorex ) C:\Users\Galeón\Downloads\FolderIcoSetup.exe
2019-07-18 17:01 - 2019-07-18 17:01 - 000000000 ____D C:\Users\Galeón\AppData\Local\CrystalDiskMark
2019-07-18 16:22 - 2019-07-18 16:22 - 000295656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-18 16:02 - 2019-07-18 16:02 - 000000255 _____ C:\DelFix.txt
2019-07-18 16:02 - 2019-07-18 16:02 - 000000000 ____D C:\WINDOWS\ERUNT
2019-07-18 15:59 - 2019-07-18 15:59 - 000797760 _____ C:\Users\Galeón\Downloads\delfix.exe
2019-07-18 14:54 - 2019-07-18 14:54 - 000000000 ____D C:\Users\Galeón\Intel
2019-07-18 10:38 - 2019-07-18 10:38 - 000000781 _____ C:\Users\Galeón\Desktop\Descargas - Acceso directo.lnk
2019-07-18 10:37 - 2019-07-18 10:37 - 000004096 ___SH C:\{FEFD8B6B-00C7-4B53-AA90-70C9B82492C1}.CBM
2019-07-18 10:34 - 2019-07-18 10:34 - 000287744 ___SH C:\EUMONBMP.SYS
2019-07-18 10:34 - 2019-07-18 10:34 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2019-07-18 10:32 - 2019-07-18 10:32 - 000000000 ____D C:\Users\Galeón\.QtWebEngineProcess
2019-07-18 10:32 - 2019-07-18 10:32 - 000000000 ____D C:\Users\Galeón\.AdvertisingPopup
2019-07-18 10:22 - 2019-07-18 10:22 - 000000000 ____D C:\WINDOWS\system32\RAPID
2019-07-18 10:22 - 2018-06-28 01:38 - 000288864 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SamsungRapidDiskFltr.sys
2019-07-18 10:20 - 2019-07-18 10:21 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-07-18 10:20 - 2019-07-18 10:20 - 000003354 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2019-07-18 10:20 - 2019-07-18 10:20 - 000000000 ____D C:\ProgramData\Samsung
2019-07-18 10:20 - 2019-07-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2019-07-18 10:17 - 2019-07-18 10:18 - 000004222 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1563437851
2019-07-18 10:17 - 2019-07-18 10:18 - 000001480 _____ C:\Users\Galeón\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-07-18 10:17 - 2019-07-18 10:17 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\Opera Software
2019-07-18 10:17 - 2019-07-18 10:17 - 000000000 ____D C:\Users\Galeón\AppData\Local\Opera Software
2019-07-18 10:15 - 2019-07-18 16:19 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(12-20190422).OD
2019-07-18 10:15 - 2019-07-18 10:15 - 000000000 ____D C:\ProgramData\SystemAcCrux
2019-07-18 10:14 - 2019-07-18 10:14 - 000001426 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Home 11.5.lnk
2019-07-18 10:14 - 2019-07-18 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.5
2019-07-18 10:14 - 2018-10-08 17:17 - 000341760 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2019-07-18 10:14 - 2018-10-08 17:17 - 000073448 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2019-07-18 10:14 - 2018-10-08 17:17 - 000053504 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys
2019-07-18 10:14 - 2018-10-08 17:17 - 000022784 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2019-07-18 10:13 - 2019-07-18 10:13 - 000000000 ____D C:\Program Files (x86)\EaseUS
2019-07-18 10:13 - 2019-04-22 16:55 - 000026192 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2019-07-18 09:59 - 2019-07-18 09:59 - 000480176 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2019-07-18 09:56 - 2019-07-18 09:57 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-07-18 09:56 - 2019-07-18 09:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-07-18 09:45 - 2019-07-18 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2019-07-18 09:44 - 2019-07-18 09:44 - 005074168 _____ (Easeware ) C:\Users\Galeón\Downloads\DriverEasy_Setup.exe
2019-07-18 09:43 - 2019-07-18 09:43 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\Easeware
2019-07-18 09:40 - 2019-07-18 09:52 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-07-18 09:40 - 2019-07-18 09:40 - 000063096 _____ (Logitech, Inc.) C:\WINDOWS\system32\LMouFiltCoInst.dll
2019-07-18 09:39 - 2019-07-18 09:40 - 001854072 _____ (Logitech, Inc.) C:\WINDOWS\system32\LkmdfCoInst.dll
2019-07-18 09:39 - 2019-07-18 09:39 - 000086648 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LHidFilt.Sys
2019-07-18 09:39 - 2019-07-18 09:39 - 000069240 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LMouFilt.Sys
2019-07-18 09:39 - 2019-07-18 09:39 - 000048080 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ICCWDT.sys
2019-07-18 09:35 - 2019-07-18 09:35 - 000632168 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2019-07-18 09:31 - 2019-07-18 09:45 - 000001026 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2019-07-18 09:31 - 2019-07-18 09:31 - 000000000 ____D C:\Program Files\Easeware
2019-07-18 09:30 - 2019-07-18 09:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\etc\BACKUP
2019-07-18 09:25 - 2019-07-18 09:25 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\Obsidium
2019-07-18 09:09 - 2019-07-18 09:09 - 000000599 _____ C:\Users\Galeón\Downloads\Auto Generated Inline Image 1
2019-07-18 04:36 - 2019-07-18 04:36 - 000002894 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-18 04:31 - 2019-07-18 04:31 - 000000877 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-18 04:31 - 2019-07-18 04:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-18 04:31 - 2019-07-18 04:31 - 000000000 ____D C:\Program Files\CCleaner
2019-07-18 04:29 - 2019-07-18 04:29 - 000000000 ____D C:\Users\Galeón\Downloads\CC-PRO-5.60 [MXN9]
2019-07-18 04:24 - 2019-07-18 04:24 - 014701230 _____ C:\Users\Galeón\Downloads\CC-PRO-5.60 [MXN9].rar
2019-07-18 03:52 - 2019-07-18 03:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip
2019-07-18 03:52 - 2019-07-18 03:52 - 000000000 ____D C:\Program Files\Bandizip
2019-07-18 03:51 - 2019-07-18 03:51 - 006547368 _____ (Bandisoft) C:\Users\Galeón\Downloads\BANDIZIP-SETUP v6.24.EXE
2019-07-18 03:48 - 2019-07-18 18:35 - 000001899 _____ C:\Users\Galeón\Desktop\CrystalDiskMark 6.lnk
2019-07-18 03:48 - 2019-07-18 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark6
2019-07-18 03:48 - 2019-07-18 03:48 - 000000000 ____D C:\Program Files\CrystalDiskMark6
2019-07-18 03:25 - 2019-07-18 21:42 - 000000000 ____D C:\FRST
2019-07-18 03:13 - 2019-07-18 15:14 - 000000000 ____D C:\Users\Galeón\AppData\Local\D3DSCache
2019-07-18 02:39 - 2019-07-18 19:20 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-07-18 02:39 - 2019-07-18 02:39 - 000000000 ___SD C:\WINDOWS\system32\containers
2019-07-18 01:41 - 2019-07-18 01:41 - 001790024 _____ (Malwarebytes) C:\Users\Galeón\Downloads\JRT.exe
2019-07-18 01:17 - 2019-07-18 01:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-18 01:17 - 2019-07-18 01:17 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 22:35 - 2019-07-18 02:17 - 000000000 ____D C:\ProgramData\AVG
2019-07-17 22:35 - 2019-07-18 02:17 - 000000000 ____D C:\Program Files (x86)\AVG
2019-07-17 22:35 - 2019-07-17 22:35 - 000003972 _____ C:\WINDOWS\System32\Tasks\AVG TuneUp Update
2019-07-17 22:35 - 2019-07-17 22:35 - 000001202 _____ C:\Users\Public\Desktop\AVG TuneUp.lnk
2019-07-17 22:35 - 2019-07-17 22:35 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\AVG
2019-07-17 22:35 - 2019-07-17 22:35 - 000000000 ____D C:\Users\Galeón\AppData\Local\CEF
2019-07-17 22:35 - 2019-07-17 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Technologies
2019-07-17 22:28 - 2019-07-18 20:33 - 000000000 ____D C:\Users\Galeón\AppData\LocalLow\Mozilla
2019-07-17 22:28 - 2019-07-17 22:28 - 000000927 _____ C:\Users\Galeón\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-07-17 22:28 - 2019-07-17 22:28 - 000000879 _____ C:\Users\Galeón\Desktop\Start Tor Browser.lnk
2019-07-17 22:27 - 2019-07-17 22:32 - 000000000 ___RD C:\Users\Galeón\Desktop\Tor Browser
2019-07-17 22:25 - 2019-07-11 03:16 - 057613696 _____ C:\Users\Galeón\torbrowser-install-win64-8.5.4_es-ES.exe
2019-07-17 22:07 - 2019-07-18 18:35 - 000002284 _____ C:\Users\Galeón\Desktop\WhatsApp.lnk
2019-07-17 22:07 - 2019-07-17 22:09 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\WhatsApp
2019-07-17 22:07 - 2019-07-17 22:07 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-07-17 22:07 - 2019-07-17 22:07 - 000000000 ____D C:\Users\Galeón\AppData\Local\WhatsApp
2019-07-17 22:06 - 2019-07-17 22:07 - 000000000 ____D C:\Users\Galeón\AppData\Local\SquirrelTemp
2019-07-17 21:57 - 2019-07-17 21:57 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\OpenOffice
2019-07-17 21:56 - 2019-07-17 21:56 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.6
2019-07-17 21:56 - 2019-07-17 21:56 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2019-07-17 21:53 - 2019-07-17 21:54 - 130827497 _____ C:\Users\Galeón\Downloads\Apache_OpenOffice_4.1.6_Win_x86_install_es (1).exe
2019-07-17 21:53 - 2019-07-17 21:54 - 012435726 _____ C:\Users\Galeón\Downloads\Apache_OpenOffice_4.1.6_Win_x86_langpack_es.exe
2019-07-17 20:03 - 2019-07-18 21:34 - 000000000 ____D C:\Users\Galeón\AppData\Local\Google
2019-07-17 20:03 - 2019-07-18 21:34 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-17 20:03 - 2019-07-17 20:03 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-17 20:03 - 2019-07-17 20:03 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-17 18:40 - 2019-07-17 18:40 - 000000000 ____D C:\Users\Galeón\AppData\Local\PeerDistRepub
2019-07-17 18:35 - 2019-07-17 18:35 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-07-17 18:33 - 2019-07-17 18:33 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-07-17 18:33 - 2019-07-17 18:33 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-07-17 18:33 - 2019-07-17 18:33 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-07-17 18:33 - 2019-07-17 18:33 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-07-17 18:33 - 2019-07-17 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-07-17 18:33 - 2019-07-17 18:33 - 000000000 ____D C:\Program Files\Common Files\AV
2019-07-17 18:32 - 2019-07-18 21:32 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-07-17 18:32 - 2019-07-17 18:49 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-07-17 18:32 - 2019-07-17 18:34 - 001168000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-07-17 18:32 - 2019-07-17 18:34 - 000236672 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-07-17 18:32 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-07-17 18:28 - 2019-07-17 18:31 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-17 18:28 - 2019-07-17 18:28 - 000000000 ____D C:\Users\Galeón\AppData\Local\mbamtray
2019-07-17 18:28 - 2019-07-17 18:28 - 000000000 ____D C:\Users\Galeón\AppData\Local\mbam
2019-07-17 18:28 - 2019-07-17 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-17 18:28 - 2019-07-17 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-17 18:28 - 2019-07-17 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-17 18:28 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-17 18:27 - 2019-07-18 01:55 - 000000000 ____D C:\WINDOWS\Panther
2019-07-17 18:26 - 2019-07-17 18:26 - 000000000 ____D C:\ProgramData\SetupTPDriver
2019-07-17 18:25 - 2019-07-18 19:26 - 000753744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-17 18:25 - 2019-07-18 19:26 - 000148288 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-17 18:25 - 2019-07-17 18:25 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2019-07-17 18:25 - 2019-07-17 18:25 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2019-07-17 18:25 - 2019-07-17 18:25 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\es
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\0409
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\Setup
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\OCR
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-07-17 18:25 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-07-17 18:24 - 2019-07-09 03:51 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-07-17 18:24 - 2019-07-09 03:51 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-17 18:23 - 2019-07-18 20:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-17 18:23 - 2019-07-18 19:37 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-17 18:23 - 2019-07-18 10:20 - 000000000 ___RD C:\Program Files (x86)
2019-07-17 18:23 - 2019-07-18 03:09 - 000000000 ____D C:\WINDOWS\appcompat
2019-07-17 18:23 - 2019-07-17 21:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-17 18:23 - 2019-07-17 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-17 18:23 - 2019-07-17 18:32 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-17 18:23 - 2019-07-17 18:27 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-07-17 18:23 - 2019-07-17 18:27 - 000000000 ____D C:\WINDOWS\Containers
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\SystemResources
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\setup
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Com
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\WINDOWS\IME
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files\Windows Defender
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files\Common Files\System
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-07-17 18:23 - 2019-07-17 18:25 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 __RSD C:\WINDOWS\Media
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 __RHD C:\Users\Public\Libraries
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\AppV
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Web
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\WaaS
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Vss
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\tracing
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\TAPI
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SystemApps
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ti-et
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ras
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Keywords
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\IME
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ias
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\System
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SKB
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\security
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\schemas
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\SchCache
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Resources
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\rescache
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\RemotePackages
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Registration
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\PLA
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Performance
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\InputMethod
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Globalization
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\DiagTrack
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Cursors
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\Branding
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\addins
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files\Windows Security
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files\Common Files\Services
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows NT
2019-07-17 18:23 - 2019-07-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-07-17 18:23 - 2019-07-17 18:21 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-07-17 18:23 - 2019-07-17 18:21 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-07-17 18:23 - 2019-07-17 18:21 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-07-17 18:23 - 2019-07-17 18:21 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-07-17 18:23 - 2019-07-17 18:21 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2019-07-17 18:23 - 2019-07-17 18:21 - 000018449 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-07-17 18:23 - 2019-07-17 18:21 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-07-17 18:23 - 2019-07-17 18:21 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-07-17 18:23 - 2019-07-17 18:21 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2019-07-17 18:23 - 2019-07-17 18:21 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2019-07-17 18:23 - 2019-07-17 18:21 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-07-17 18:23 - 2019-07-17 18:21 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-07-17 18:23 - 2019-07-17 18:21 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-07-17 18:23 - 2019-07-17 18:21 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-07-17 18:23 - 2019-07-17 18:21 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-07-17 18:23 - 2019-07-17 18:21 - 000000219 _____ C:\WINDOWS\system.ini
2019-07-17 18:23 - 2019-07-17 18:21 - 000000092 _____ C:\WINDOWS\win.ini
2019-07-17 18:23 - 2019-07-17 17:53 - 000000000 ____D C:\ProgramData\USOPrivate
2019-07-17 18:23 - 2019-07-17 17:50 - 000000000 ____D C:\WINDOWS\ServiceState
2019-07-17 18:23 - 2019-07-17 17:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-07-17 18:23 - 2019-07-17 17:32 - 000000000 ____D C:\WINDOWS\system32\spool
2019-07-17 18:23 - 2019-07-17 17:32 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-07-17 18:23 - 2019-07-17 17:30 - 000000000 ____D C:\WINDOWS\CSC
2019-07-17 18:23 - 2019-07-17 17:30 - 000000000 ____D C:\Program Files\Windows NT
2019-07-17 18:23 - 2019-07-17 17:29 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-07-17 18:23 - 2019-07-17 17:29 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-07-17 18:23 - 2019-07-17 17:29 - 000000000 ____D C:\WINDOWS\Help
2019-07-17 18:23 - 2019-07-17 17:28 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-07-17 18:23 - 2015-07-30 22:45 - 000069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2019-07-17 18:21 - 2019-07-18 20:13 - 000000000 ____D C:\WINDOWS\INF
2019-07-17 18:18 - 2019-07-18 19:20 - 070516736 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-07-17 18:18 - 2019-07-18 19:20 - 014155776 _____ C:\WINDOWS\system32\config\SYSTEM
2019-07-17 18:18 - 2019-07-18 19:20 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-07-17 18:18 - 2019-07-18 19:20 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-07-17 18:18 - 2019-07-18 19:20 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2019-07-17 18:18 - 2019-07-18 19:20 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2019-07-17 18:18 - 2019-07-18 02:39 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-17 18:18 - 2019-07-18 01:17 - 000000000 ____D C:\WINDOWS\servicing
2019-07-17 18:18 - 2019-07-17 18:33 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-07-17 18:18 - 2019-07-17 18:23 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-07-17 17:52 - 2019-07-17 17:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-07-17 17:50 - 2019-07-17 18:22 - 000000000 ____D C:\Users\Galeón\AppData\Local\Comms
2019-07-17 17:44 - 2019-07-17 17:44 - 000000000 ____D C:\Users\Galeón\AppData\Local\OneDrive
2019-07-17 17:42 - 2019-07-17 21:13 - 000000000 ____D C:\Users\Galeón\AppData\Local\PlaceholderTileLogoFolder
2019-07-17 17:42 - 2019-07-17 17:49 - 000000000 ___RD C:\Users\Galeón\OneDrive
2019-07-17 17:41 - 2019-07-17 17:41 - 000000000 ___HD C:\Users\Galeón\MicrosoftEdgeBackups
2019-07-17 17:41 - 2019-07-17 17:41 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-07-17 17:40 - 2019-07-17 18:26 - 000000000 ____D C:\Users\Galeón\AppData\Local\MicrosoftEdge
2019-07-17 17:39 - 2019-07-18 19:22 - 000000000 __SHD C:\Users\Galeón\IntelGraphicsProfiles
2019-07-17 17:39 - 2019-07-17 20:52 - 000000000 ____D C:\Users\Galeón\AppData\Local\Packages
2019-07-17 17:39 - 2019-07-17 18:51 - 000000000 ____D C:\Users\Galeón\AppData\Local\ConnectedDevicesPlatform
2019-07-17 17:39 - 2019-07-17 18:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-17 17:39 - 2019-07-17 17:50 - 000000000 ____D C:\ProgramData\Packages
2019-07-17 17:39 - 2019-07-17 17:39 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-17 17:39 - 2019-07-17 17:39 - 000000000 ___RD C:\Users\Galeón\3D Objects
2019-07-17 17:39 - 2019-07-17 17:39 - 000000000 ____D C:\Users\Galeón\AppData\Roaming\Adobe
2019-07-17 17:39 - 2019-07-17 17:39 - 000000000 ____D C:\Users\Galeón\AppData\Local\VirtualStore
2019-07-17 17:39 - 2019-07-17 17:39 - 000000000 ____D C:\Users\Galeón\AppData\Local\Publishers
2019-07-17 17:38 - 2019-07-18 14:54 - 000000000 ____D C:\Users\Galeón
2019-07-17 17:38 - 2019-07-17 17:38 - 000000020 ___SH C:\Users\Galeón\ntuser.ini
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Reciente
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Plantillas
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Mis documentos
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Menú Inicio
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Impresoras
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Entorno de red
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Documents\Mis vídeos
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Documents\Mis imágenes
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Documents\Mi música
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Datos de programa
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\Configuración local
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\AppData\Local\Historial
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\AppData\Local\Datos de programa
2019-07-17 17:38 - 2019-07-17 17:38 - 000000000 _SHDL C:\Users\Galeón\AppData\Local\Archivos temporales de Internet
2019-07-17 17:35 - 2019-07-18 19:26 - 001684180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-17 17:32 - 2019-07-17 17:32 - 000000000 ____D C:\ProgramData\USOShared
2019-07-17 17:31 - 2019-07-18 09:58 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2019-07-17 17:31 - 2019-07-17 17:31 - 000000000 ____D C:\WINDOWS\minidump
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Public\Documents\Mi música
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Reciente
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Plantillas
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Mis documentos
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Menú Inicio
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Impresoras
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Entorno de red
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Documents\Mi música
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Datos de programa
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\Configuración local
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Historial
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\Documents\Mi música
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\Default User
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Users\All Users
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Plantillas
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Menú Inicio
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Escritorio
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Documentos
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\ProgramData\Datos de programa
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Program Files\Archivos comunes
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Documents and Settings
2019-07-17 17:30 - 2019-07-17 17:30 - 000000000 _SHDL C:\Archivos de programa
2019-07-17 17:30 - 2019-07-09 03:47 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-07-17 17:29 - 2019-07-17 17:29 - 000000000 ____D C:\Program Files\Intel
2019-07-17 17:29 - 2019-07-17 17:29 - 000000000 ____D C:\Intel
2019-07-17 17:29 - 2019-06-15 04:49 - 000072592 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-07-17 17:29 - 2018-03-24 01:02 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-07-17 17:29 - 2018-03-24 01:02 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-07-17 17:29 - 2018-03-21 13:22 - 008114212 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-07-17 17:28 - 2019-07-18 20:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-17 17:28 - 2019-07-18 19:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-17 17:28 - 2019-07-18 19:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-17 17:28 - 2019-07-17 17:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-17 17:28 - 2019-07-17 17:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-17 17:28 - 2019-07-17 17:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-07-17 17:28 - 2019-07-17 17:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-07-17 17:28 - 2019-07-17 17:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-17 17:28 - 2018-03-24 01:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-07-17 16:16 - 2019-07-17 16:16 - 030727676 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-07-17 16:16 - 2019-07-17 16:16 - 006849624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2019-07-17 16:15 - 2019-07-17 16:15 - 009900032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2019-07-17 16:15 - 2019-07-17 16:15 - 004321160 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2019-07-17 16:15 - 2019-07-17 16:15 - 001154336 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2019-07-17 16:15 - 2019-07-17 16:15 - 000348096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2019-07-17 16:15 - 2019-07-17 16:15 - 000059960 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
2019-07-17 16:13 - 2019-07-17 16:13 - 000186424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2019-07-17 08:44 - 2019-06-18 13:27 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2019-07-17 08:44 - 2019-06-18 13:08 - 004633920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-07-17 08:44 - 2017-12-12 20:33 - 000504328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2019-07-17 08:44 - 2017-12-12 20:32 - 001630216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 003488568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-07-09 03:48 - 2019-07-18 02:38 - 003380224 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 002426536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2019-07-09 03:48 - 2019-07-18 02:38 - 000902456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandbox.exe
2019-07-09 03:48 - 2019-07-18 02:38 - 000815632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmService.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 000676664 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 000292056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\madrid.dll
2019-07-09 03:48 - 2019-07-18 02:38 - 000119096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 025902080 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 025444864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 022625280 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 019849216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 019811328 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 018017792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 014816256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 009917752 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 008011776 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007802224 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007758336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007636616 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007242312 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007175168 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 007008768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 006534712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 006381568 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 006218752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 006068840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 006036480 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005939712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005919744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005745504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005500416 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005071360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005040640 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 005014016 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004863488 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004562920 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 004537344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004481536 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004348408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004306432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004129416 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 004034048 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003914480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 003837440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003771392 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003748864 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003734456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003654656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003635200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003550720 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003525592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003487232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003372952 ____N (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 003243080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002990608 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 002956984 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002876416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002871824 ____N (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 002798592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 002771008 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002763552 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-07-09 03:48 - 2019-07-09 03:48 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-07-09 03:48 - 2019-07-09 03:48 - 002698552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 002697728 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002587328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002576384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002561536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002494232 ____N (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002490712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002398208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002314440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002306048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002258336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002235936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002216448 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002190648 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002081976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 002072152 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001999440 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001940952 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001893888 ____N (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001866064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001856000 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001856000 ____N (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001847808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001815040 ____N (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001754232 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 03:48 - 2019-07-09 03:48 - 001721344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001721144 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001715000 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001697792 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001697280 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001690624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001651848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001647280 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001633648 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001611576 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001608192 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001587712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001562640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001555688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001539584 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001535288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001515008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001510960 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001509936 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001501496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001493944 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001473488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001458176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001437184 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001413632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001395600 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001393960 ____N (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001391416 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001383736 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001375232 ____N (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001366528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001366128 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 03:48 - 2019-07-09 03:48 - 001362432 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001356800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001345024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001319936 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001311744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001304888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001283384 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 03:48 - 2019-07-09 03:48 - 001282560 ____N (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001273344 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001273176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001262864 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001261568 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001260032 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001248256 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 001244728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001214976 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001213456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001192096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001182232 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001151816 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001124864 ____N (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001105776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001101312 ____N C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001098712 ____N (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001080832 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001071928 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001067008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001065984 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001063944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001062912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 001060352 ____N (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001043768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001039872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 001012792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001007160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001007104 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 001000960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000986112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000984376 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000957240 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000952416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000950784 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000947712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000947200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000928776 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000923136 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000919040 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000913408 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000911360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000892696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000889656 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000888056 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000879792 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000875008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000864768 ____N (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000861696 ____N (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000858112 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000843776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000840192 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000836608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000833536 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000830976 ____N (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000829544 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000827192 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000822072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000821696 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000818656 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000816440 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000813568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000811192 ____N C:\WINDOWS\SysWOW64\locale.nls
2019-07-09 03:48 - 2019-07-09 03:48 - 000811192 ____N C:\WINDOWS\system32\locale.nls
2019-07-09 03:48 - 2019-07-09 03:48 - 000810512 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000806400 ____N (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000801592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000797112 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000784896 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000782120 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000774152 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000773168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000772656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000771584 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000769336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000751256 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000744248 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000741176 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000740664 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000739328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000737552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000705536 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000701440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000700928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000696320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000689152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000684544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000682744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000680760 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000680448 ____N (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000679368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000678400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000674816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000674072 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000673152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000673080 ____N (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000669496 ____N (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000667136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000666280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000665912 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000663552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000649016 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000645632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000637968 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000628616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000621568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000613904 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000612352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000611328 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000602432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000595968 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000592896 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000588464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000586552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000574976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_9.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000568336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000562176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000551824 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000537608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000537088 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000537088 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000531968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000531464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000530432 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000523912 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000516752 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000515896 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000513336 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000511288 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000510768 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000509440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000505856 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000500224 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 03:48 - 2019-07-09 03:48 - 000499200 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000496128 ____N (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000494904 ____N (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000491520 ____N (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000480768 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000477496 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-07-09 03:48 - 2019-07-09 03:48 - 000472576 ____N (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000467968 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000466624 ____N (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000464696 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000463272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000462848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000462352 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000460288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000457016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000456192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000455680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000451896 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000443904 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000435200 ____N (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000429568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000422912 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000422008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000420864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 03:48 - 2019-07-09 03:48 - 000420360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000415544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000415232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 03:48 - 2019-07-09 03:48 - 000406528 ____N (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000404392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000401416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000401408 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000400896 ____N (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000394040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000390456 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000388608 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000386016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000382976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000381240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000379192 ____N (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000376320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000375808 ____N (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000368128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000366184 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000358944 ____N (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000357376 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000353960 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000353280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000353280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000350208 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000344064 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000342528 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000337408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000336928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000336384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000333824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000324624 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000324608 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000324096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000323584 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000321024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000317952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000316216 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000311296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000309760 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000307712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000307200 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000300184 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000299520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000295424 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000294400 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000284536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000283136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000279624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000278528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000270336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000269824 ____N (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000268216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000267528 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000261016 ____N (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000257848 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000257536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\provplatformdesktop.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000256000 ____N (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000251904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000248088 ____N (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000246784 ____N (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000241152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000237056 ____N (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000237056 ____N (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000231432 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000231424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000228664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000227840 ____N (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000226816 ____N (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000224768 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-07-09 03:48 - 2019-07-09 03:48 - 000220680 ____N (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000218624 ____N (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000211968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000210440 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000205112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000202752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000202552 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000202040 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000199176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000197632 ____N (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000194176 ____N (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000193800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000187920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000187392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000186880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-07-09 03:48 - 2019-07-09 03:48 - 000183808 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000181560 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000179712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000179712 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000179512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000178192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000177664 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000172856 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000164152 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000161848 ____N (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000160768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000159232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000155136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000149512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000146744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000142544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000141312 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000139776 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000139472 ____N (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000138752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000136720 ____N (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000134760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000130560 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000129848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000129088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000125952 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000123912 ____N (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000120352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000117248 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000116184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000115120 ____N (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000114176 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000113664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000113152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000109568 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000107008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000105472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000102216 ____N (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000099712 ____N (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000099328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapistub.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000099328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapi32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000098816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameChatTranscription.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000098816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000093496 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000093312 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000091136 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000090624 ____N (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000090112 ____N (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000089544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000088064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000087552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000087040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000084280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000084280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000078848 ____N (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000072704 ____N (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000071720 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000071168 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000070144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000069120 ____N (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000066560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000066360 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000064000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000060928 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000060416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000058825 ____N C:\WINDOWS\system32\srms.dat
2019-07-09 03:48 - 2019-07-09 03:48 - 000056008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000055296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000053760 ____N (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000051200 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000045568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000044544 ____N (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000042296 ____N (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000038912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000037904 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000037888 ____N C:\WINDOWS\system32\usocoreps.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000036152 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2019-07-09 03:48 - 2019-07-09 03:48 - 000033280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000033280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000033280 ____N (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000026112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000026112 ____N (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000022024 ____N (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000021304 ____N (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000016384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fixmapi.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000014336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000013824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-07-09 03:48 - 2019-07-09 03:48 - 000013824 ____N (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000012288 ____N (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000011776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000011264 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2019-07-09 03:48 - 2019-07-09 03:48 - 000008192 ____N (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000007168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000003584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2019-07-09 03:48 - 2019-07-09 03:48 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2019-07-09 03:47 - 2019-07-18 02:38 - 000166200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-07-09 03:47 - 2019-07-09 03:48 - 000516608 ____N (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 017786368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 007887440 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 007831368 ____N (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 007275008 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 006224296 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 004552336 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 004470784 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 004012032 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 004008960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003947520 ____N (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003725312 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 003698176 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003590968 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 003327256 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003263488 ____N (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003261440 ____N (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003106304 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002870784 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002725376 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 002656768 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002550584 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002449456 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002443264 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002321408 ____N (The ICU Project) C:\WINDOWS\system32\icu.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002281984 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002178048 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 002117160 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001979392 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001945600 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001918976 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001884672 ____N (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001841152 ____N C:\WINDOWS\system32\TextInputMethodFormatter.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001784832 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001781248 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001761792 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001745920 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001743672 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001717560 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001687552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001635328 ____N (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001608704 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001553408 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001480704 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001422848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 001413704 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001337656 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001333248 ____N (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001282048 ____N (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001250432 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 001159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001149928 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 001146880 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001092096 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001068856 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001062912 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001062912 ____N (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001042944 ____N (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-07-09 03:47 - 2019-07-09 03:47 - 001040896 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 001010176 ____N (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000939504 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000916480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000910272 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000900608 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000878080 ____N (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-07-09 03:47 - 2019-07-09 03:47 - 000876856 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000862720 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000858112 ____N (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000824832 ____N (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000817152 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000765440 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000735232 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000727040 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000726328 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000722072 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000706544 ____N (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000702464 ____N (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000701952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000644096 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000642008 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000589592 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000562176 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000550400 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 03:47 - 2019-07-09 03:47 - 000532992 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 03:47 - 2019-07-09 03:47 - 000481592 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000472064 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000467456 ____N (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-07-09 03:47 - 2019-07-09 03:47 - 000461824 ____N (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000456192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000441144 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000425264 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000420152 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000415800 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000401408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000368128 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000363624 ____N (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000358912 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000339520 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000337408 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000336752 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000312320 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000296976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000296448 ____N (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000283152 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000280576 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000265216 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000256000 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000250880 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000242688 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000231936 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000226816 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000223248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000214032 ____N (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000204800 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000201728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000201256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000199688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000199184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000182072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000180536 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000180024 ____N (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000155136 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000146920 ____N (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000138752 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000132096 ____N (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000129024 ____N (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000128512 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000127296 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000125440 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000120320 ____N (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000120320 ____N (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000117048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000108032 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000107520 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000103936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 03:47 - 2019-07-09 03:47 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000088560 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000087040 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000087040 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000077824 ____N (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000065064 ____N (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000060416 ____N (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000057344 ____N (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000055608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000047000 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-07-09 03:47 - 2019-07-09 03:47 - 000031232 ____N (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2019-07-09 03:47 - 2019-07-09 03:47 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000023040 ____N (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
2019-07-09 03:47 - 2019-07-09 03:47 - 000017920 ____N (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000016896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000003584 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2019-07-09 03:47 - 2019-07-09 03:47 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-06-18 13:41 - 2019-06-18 13:41 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-06-18 13:40 - 2019-06-18 13:40 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-06-18 13:39 - 2019-06-18 13:39 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2019-06-18 13:38 - 2019-06-18 13:38 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2019-06-18 13:27 - 2019-06-18 13:27 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2019-06-18 13:27 - 2019-06-18 13:27 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2019-06-18 13:27 - 2019-06-18 13:27 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-06-18 13:27 - 2019-06-18 13:27 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-06-18 13:19 - 2019-06-18 13:19 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-06-18 13:18 - 2019-06-18 13:18 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-06-18 13:18 - 2019-06-18 13:18 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-06-18 13:17 - 2019-06-18 13:17 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-06-18 13:16 - 2019-06-18 13:16 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-06-18 13:12 - 2019-06-18 13:12 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-06-18 13:07 - 2019-06-18 13:07 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-06-18 13:05 - 2019-06-18 13:05 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-06-18 13:05 - 2019-06-18 13:05 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-06-18 13:05 - 2019-06-18 13:05 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-06-18 13:05 - 2019-06-18 13:05 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-06-18 12:42 - 2019-06-18 12:42 - 002495744 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2019-06-18 12:42 - 2019-06-18 12:42 - 000872320 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2019-06-18 12:42 - 2019-06-18 12:42 - 000431960 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2019-06-18 12:42 - 2019-06-18 12:42 - 000357760 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 004024192 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 000659328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 000616832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 000223616 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 000190848 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2019-06-18 12:41 - 2019-06-18 12:41 - 000107392 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2019-06-18 12:40 - 2019-06-18 12:40 - 001469824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2019-06-18 12:40 - 2019-06-18 12:40 - 000141696 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2019-06-18 12:21 - 2019-06-18 12:21 - 000202128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 02:38 - 2019-03-19 06:58 - 000058384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2019-07-18 02:38 - 2019-03-19 06:58 - 000041992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 002399760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 001409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000346936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000217104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmclient.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000193064 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000140304 _____ C:\WINDOWS\system32\nmscrub.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000129552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000112952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000083472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000070160 _____ C:\WINDOWS\system32\cmdiag.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000067584 _____ C:\WINDOWS\system32\cmimageworker.exe
2019-07-18 02:38 - 2019-03-19 06:57 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000048656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000047120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000039952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000038712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2019-07-18 02:38 - 2019-03-19 06:57 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000014336 _____ C:\WINDOWS\system32\hnsproxy.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2019-07-18 02:38 - 2019-03-19 06:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 006518072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 001381176 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeAgent.exe
2019-07-18 02:38 - 2019-03-19 06:56 - 000663568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000503304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000478216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000417296 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000415784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000408080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000305160 _____ C:\WINDOWS\system32\vp9fs.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000298512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000294952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000286216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000281104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2019-07-18 02:38 - 2019-03-19 06:56 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000243512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2019-07-18 02:38 - 2019-03-19 06:56 - 000239928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2019-07-18 02:38 - 2019-03-19 06:56 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000205624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000157728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2019-07-18 02:38 - 2019-03-19 06:56 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000078856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000076816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000036600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2019-07-18 02:38 - 2019-03-19 06:56 - 000031544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000028688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000027664 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000024888 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2019-07-18 02:38 - 2019-03-19 06:56 - 000006658 _____ C:\WINDOWS\system32\VmChipset Third-Party Notices.txt
2019-07-17 18:34 - 2019-02-19 05:44 - 000184960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2019-07-17 18:34 - 2019-02-19 05:44 - 000125568 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2019-07-17 18:34 - 2019-02-19 05:44 - 000091472 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2019-07-17 18:34 - 2019-02-19 05:44 - 000075600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2019-07-17 18:34 - 2019-02-19 05:44 - 000046416 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2019-07-17 18:34 - 2018-02-24 05:17 - 000218240 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2019-07-17 18:34 - 2018-02-17 02:50 - 000104576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2019-07-17 18:34 - 2018-02-12 04:17 - 000058704 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2019-07-17 18:34 - 2018-01-15 05:13 - 000060536 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2019-07-17 18:34 - 2017-12-11 11:49 - 000060784 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klmouflt.sys
2019-07-17 18:34 - 2017-05-30 18:51 - 000050304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2019-07-17 15:51 - 2019-02-19 05:44 - 001093248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-07-17 15:51 - 2019-02-19 05:44 - 000152288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll

==================== Files in the root of some directories ================

2019-07-17 22:25 - 2019-07-11 03:16 - 057613696 _____ () C:\Users\Galeón\torbrowser-install-win64-8.5.4_es-ES.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

I had registered another user and had started sending you reports, but …they cancelled and hid them on me. I didn't want to reply to you from this one because Galeón is the possibly infected one, and I wanted to isolate it as you asked. Anyway, let's see what you make of these reports.